Have a problem with a virus? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

sani.pd
Guest
Posts: 12
Registered: 07 Jul 2008 12:39
Location: Bratislava

Browser banner "A virus has been detected"

#1 Post by sani.pd »

In the browser (it doesn't matter which one, it does the same in every one), a banner "A virus has been detected! Scan your computer now" appears on most websites. It always appears at the top of the site and in the places where Flash ads normally are. The banner redirects to the site activevirusscan.com.
Ever since this started appearing, I have had trouble logging in to some websites (ones that work as forums), e.g. forum.viry.cz as well. After entering my login details and pressing "Log in", only a white screen is displayed (in the browser), and after refreshing to the home page I am not logged in.

I tried various removal tools, but nothing helped: Eset (in-depth scan), Malwarebytes Anti-Malware, Spybot Search & Destroy.
[Attached screenshot: Snap_2013.11.04_11h56m37s_001_800.png]
Log.txt from RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Sani at 2013-11-04 12:33:18
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 177 GB (69%) free of 256 GB
Total RAM: 4086 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:39:27, on 4. 11. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Hardware\Keyboard\Ikeymain.exe
C:\Program Files\Hardware\Mouse\Amoumain.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe
C:\Users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Sani.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe" Minimum
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2179305097-2225650138-2842843989-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2179305097-2225650138-2842843989-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Obrazovková spinka a spúšťač programu OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O10 - Unknown file in Winsock LSP: c:\windows\provider.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13624 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
/QuitInfo:00000000000002F4;0000000000000310; /AddRef;
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
"taskhost.exe"
taskeng.exe {70917D03-0606-4DC3-A749-171C6F0569CB}
/QuitInfo:000000000000038C;0000000000000390; /AddRef;
"C:\Windows\system32\Dwm.exe"
/QuitInfo:00000000000001D8;00000000000003A4;
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
"C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
/loadhooks /Parent:00000000000008FC
WTablet\Wacom_TabletUser.exe
Wacom_Tablet.exe au
"C:\Program Files\Hardware\Keyboard\Ikeymain.exe"
"C:\Program Files\Hardware\Mouse\Amoumain.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe" Minimum
"C:\Users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
"C:\Windows\System32\Ctxfihlp.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Windows\SysWOW64\CTXFISPI.EXE" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /uac
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Windows\system32\StikyNot.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5072.0.1141233580\54943675" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,18,21,24,26 --gpu-vendor-id=0x10de --gpu-device-id=0x06cd --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2723 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InstantExtended/Group1 pct:25 stable:r1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_63/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5072.1.2132526991\1402923963" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_63/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5072.2.1980769133\1875011971" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_63/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5072.3.1937543550\1446656341" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_63/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="5072.12.847423585\598749190" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_63/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5072.13.63639144\2079852589" /prefetch:673131151
"taskhost.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_63/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5072.22.27752890\2108617445" /prefetch:673131151
"E:\Net\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"iKeyWorks"=C:\Program Files\Hardware\Keyboard\Ikeymain.exe [2008-06-14 65536]
"WheelMouse"=C:\Program Files\Hardware\Mouse\Amoumain.exe [2008-07-11 237568]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2010-09-23 391144]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-03-17 10134560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"BitTorrent"=C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe [2013-08-14 884576]
"AshSnap"=C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe [2013-08-19 3781968]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2013-09-25 20133824]
"OscarEditor"=C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe [2012-05-18 3538944]
"RESTART_STICKY_NOTES"=C:\Windows\system32\StikyNot.exe [2009-07-14 427520]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"VolPanel"=C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2008-12-29 237693]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"CTxfiHlp"=CTXFIHLP.EXE []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"SAOB Monitor"=C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2010-09-02 2536752]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2010-09-23 5502312]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2013-07-23 84576]

C:\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe
Obrazovková spinka a spúšťač programu OneNote 2010.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux4"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"aux7"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-11-04 12:33:21 ----D---- C:\Program Files\trend micro
2013-11-04 12:33:18 ----D---- C:\rsit
2013-11-04 11:30:03 ----A---- C:\Windows\system32\auto_reactivate.exe
2013-11-04 11:29:30 ----RSHD---- C:\bootwiz
2013-10-31 06:27:05 ----D---- C:\Users\Sani\AppData\Roaming\Malwarebytes
2013-10-31 06:26:46 ----D---- C:\ProgramData\Malwarebytes
2013-10-31 06:26:45 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 06:26:45 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-10-31 06:24:45 ----D---- C:\AdwCleaner
2013-10-31 06:20:50 ----A---- C:\Windows\system32\drivers\hitmanpro37.sys
2013-10-31 06:20:40 ----D---- C:\ProgramData\HitmanPro
2013-10-30 19:39:40 ----A---- C:\Windows\wininit.ini
2013-10-30 18:39:09 ----D---- C:\ProgramData\Spybot - Search & Destroy
2013-10-19 19:03:53 ----A---- C:\Windows\unins000.exe
2013-10-19 19:03:53 ----A---- C:\Windows\Provider.dll
2013-10-19 19:03:53 ----A---- C:\Windows\Installer.exe
2013-10-19 19:03:51 ----A---- C:\Windows\unins000.dat
2013-10-19 18:59:59 ----D---- C:\ProgramData\VST3 Presets
2013-10-19 15:58:40 ----D---- C:\Program Files (x86)\HALion 3
2013-10-19 15:58:40 ----A---- C:\Windows\SYSWOW64\ReWire.dll
2013-10-19 15:52:55 ----D---- C:\Users\Sani\AppData\Roaming\VST3 Presets
2013-10-19 15:52:55 ----D---- C:\ProgramData\Steinberg
2013-10-19 15:51:49 ----A---- C:\Windows\SYSWOW64\SYNSOEMU.DLL
2013-10-19 15:51:48 ----A---- C:\HALionOne.dll
2013-10-19 15:48:12 ----D---- C:\Users\Sani\AppData\Roaming\Steinberg
2013-10-19 15:48:11 ----D---- C:\Program Files (x86)\Steinberg
2013-10-19 10:37:48 ----D---- C:\Program Files (x86)\ASIO4ALL v2
2013-10-18 20:28:39 ----HDC---- C:\ProgramData\{E46F8D45-38F3-4A57-828D-BE6A8C9A2EA1}
2013-10-18 19:44:01 ----DC---- C:\ProgramData\{ACEB5C90-39F7-4044-91EF-FBD59A59D240}
2013-10-18 19:13:11 ----HDC---- C:\ProgramData\{F531707E-A555-4890-97A1-9A651D437F0F}
2013-10-18 19:10:55 ----HDC---- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2013-10-18 18:41:45 ----D---- C:\Program Files\Common Files\Native Instruments
2013-10-18 18:41:29 ----D---- C:\ProgramData\Native Instruments
2013-10-18 18:41:29 ----D---- C:\Program Files\Native Instruments
2013-10-10 20:50:59 ----D---- C:\Users\Sani\AppData\Roaming\Dropbox
2013-10-05 12:15:35 ----D---- C:\Windows\system32\MRT
2013-10-05 12:15:33 ----A---- C:\Windows\system32\MRT.exe
2013-10-05 12:11:54 ----D---- C:\Program Files\Microsoft Mouse and Keyboard Center

======List of files/folders modified in the last 1 month======

2013-11-04 12:38:20 ----D---- C:\Users\Sani\AppData\Roaming\BitTorrent
2013-11-04 12:33:45 ----D---- C:\Windows\Prefetch
2013-11-04 12:33:21 ----RD---- C:\Program Files
2013-11-04 12:32:55 ----D---- C:\Windows\Temp
2013-11-04 12:31:01 ----D---- C:\Users\Sani\AppData\Roaming\Winamp
2013-11-04 11:44:37 ----D---- C:\Windows\Panther
2013-11-04 11:44:36 ----D---- C:\Windows\inf
2013-11-04 11:44:26 ----SD---- C:\Users\Sani\AppData\Roaming\Microsoft
2013-11-04 11:44:25 ----SD---- C:\ProgramData\Microsoft
2013-11-04 11:40:51 ----D---- C:\Windows\Logs
2013-11-04 11:40:50 ----D---- C:\Windows\Minidump
2013-11-04 11:40:50 ----D---- C:\Windows\debug
2013-11-04 11:40:50 ----D---- C:\Windows
2013-11-04 11:30:03 ----D---- C:\Windows\System32
2013-11-04 11:26:52 ----D---- C:\Program Files\KMSpico
2013-11-04 11:26:24 ----RD---- C:\Program Files (x86)
2013-11-04 11:23:02 ----D---- C:\Users\Sani\AppData\Roaming\Acronis
2013-11-04 11:07:16 ----D---- C:\Windows\system32\config
2013-11-04 10:55:54 ----D---- C:\Users\Sani\AppData\Roaming\WTablet
2013-11-04 10:55:46 ----D---- C:\ProgramData\NVIDIA
2013-11-03 18:28:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-31 06:27:09 ----HD---- C:\ProgramData
2013-10-31 06:26:45 ----D---- C:\Windows\system32\drivers
2013-10-31 06:12:04 ----H---- C:\Windows\system32\KMSWrapper.dll
2013-10-31 06:06:51 ----D---- C:\ProgramData\YTD Video Downloader
2013-10-30 21:24:41 ----SHD---- C:\System Volume Information
2013-10-30 19:11:26 ----D---- C:\Windows\system32\drivers\etc
2013-10-30 18:39:23 ----D---- C:\Windows\system32\Tasks
2013-10-19 19:01:06 ----SHD---- C:\Windows\Installer
2013-10-19 19:01:01 ----SHD---- C:\Config.Msi
2013-10-19 18:52:27 ----D---- C:\Windows\SysWOW64
2013-10-19 18:47:25 ----D---- C:\Program Files (x86)\Common Files
2013-10-19 18:47:21 ----D---- C:\Windows\system32\catroot2
2013-10-18 22:33:55 ----D---- C:\ProgramData\Creative
2013-10-18 19:11:31 ----D---- C:\Users\Sani\AppData\Roaming\vlc
2013-10-18 18:41:45 ----D---- C:\Program Files\Common Files
2013-10-12 17:48:04 ----D---- C:\Program Files (x86)\Tablet
2013-10-12 17:48:02 ----D---- C:\Windows\system32\WTablet
2013-10-05 16:52:51 ----D---- C:\Windows\system32\DriverStore
2013-10-05 16:52:04 ----D---- C:\Windows\system32\wdi
2013-10-05 12:14:31 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-10-05 12:12:40 ----D---- C:\Windows\system32\catroot
2013-10-05 12:12:08 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2013-08-10 277088]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2013-08-10 1263200]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2013-08-10 970336]
R1 Amfilter;USB Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfltx64.sys [2007-10-15 12288]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 40344]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2013-08-10 279136]
R3 Amusbprt;USB HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbx64.sys [2008-02-13 17920]
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2010-07-07 697816]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2010-07-07 15960]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2010-07-07 213080]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2010-07-07 118360]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-11-04 25640]
R3 ha20x22k;Creative 20X2 HAL Driver; C:\Windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-17 2298400]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-09-17 196384]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2010-07-07 179288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-03-11 36352]
R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-25 18216]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12848]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2009-09-22 16168]
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2010-07-07 580696]
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
S3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2010-07-07 1567832]
S3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys [2013-10-31 32512]
S3 MSICDSetup;MSICDSetup; \??\Z:\CDriver64.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2010-09-23 1079376]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-08-10 3975088]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-02-12 286720]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-09-12 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-17 1364256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-09-12 414496]
R2 TabletServiceWacom;TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [2010-03-09 6245744]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-08-09 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-08-09 79360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
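
The driver list in the RSIT log above is the part a responder reads first, because a kernel driver loads before any user-mode scanner gets a look. The checks made by eye are: is the image where Windows drivers normally live, is it on the system volume at all, does RSIT report an empty `[]` (no date or size), and was the file written close to the scan date. The following script is an added example, not part of this thread and not RSIT's own code; it applies those four checks to driver lines in RSIT's format. The five sample lines are copied from the log above; treating an empty `[]` as "RSIT could not read the file" and the 14-day window are assumptions.

```python
import datetime
import re

# Lines copied verbatim from the RSIT "List of drivers" section of the log above.
SAMPLE_LINES = r"""
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-11-04 25640]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys [2013-10-31 32512]
S3 MSICDSetup;MSICDSetup; \??\Z:\CDriver64.sys []
"""

SCAN_DATE = datetime.date(2013, 11, 4)   # "Run by Sani at 2013-11-04" in the RSIT header
SYSTEM_DRIVE = "c"                       # "System drive C:" in the RSIT header

# One RSIT driver line: <R|S><start type> <service>;<display name>; <image path> [<date> <size>]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

MISSING = "image file not found at scan time"
NON_SYSTEM_VOLUME = "image on a non-system volume"
OUTSIDE_DRIVERS_DIR = "image outside \\Windows\\system32\\drivers"
RECENT = "image written within the last {days} days"


def normalize_path(path: str) -> str:
    """Strip the NT object-namespace prefix (\\??\\) and lower-case for comparison."""
    prefix = "\\??\\"
    if path.startswith(prefix):
        path = path[len(prefix):]
    return path.lower()


def triage_drivers(text: str, scan_date: datetime.date, recent_days: int = 14) -> dict:
    """Return {service name: [reasons]} for every driver line that deserves a look.

    The reasons are review prompts, not verdicts: a tool the user installed on
    purpose (HitmanPro here) is flagged as recent too and is cleared by inspection.
    Assumption: RSIT leaves the bracket empty when it cannot read the image file.
    """
    findings = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        path = normalize_path(m["path"])
        meta = m["meta"].split()          # ["YYYY-MM-DD", "size"] or []
        if not meta:
            reasons.append(MISSING)
        if len(path) > 1 and path[1] == ":" and path[0] != SYSTEM_DRIVE:
            reasons.append(NON_SYSTEM_VOLUME)
        if "\\windows\\system32\\drivers\\" not in path:
            reasons.append(OUTSIDE_DRIVERS_DIR)
        if meta:
            written = datetime.date.fromisoformat(meta[0])
            if (scan_date - written).days <= recent_days:
                reasons.append(RECENT.format(days=recent_days))
        if reasons:
            findings[m["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_drivers(SAMPLE_LINES, SCAN_DATE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the five sample lines it flags gdrv (written on the day of the scan and sitting in C:\Windows rather than the drivers directory; gdrv.sys ships with Gigabyte utilities and the log shows Gigabyte EasySaver installed, so the next step is to verify the file's signature, not to delete it), hitmanpro37 (recent only, cleared by the user's own statement that HitmanPro was installed), and MSICDSetup (a registered image on Z: that is not present). pciide and RTL8167 pass.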

vyosek (VIP; 56373 posts; registered 07 Nov 2006 15:24; location: Šalingrad - Brno)

Re: banner in the browser "A virus has been detected"

#2 Post by vyosek

Hello :)

→ Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the licence terms are shown; press any key
  • A backup is created and then the scan runs
  • When the scan finishes a log appears, otherwise it is saved in c:\JRT as JRT.txt; paste it here
→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then a log appears, otherwise it is saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"Who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.

sani.pd (Visitor; 12 posts; registered 07 Jul 2008 12:39; location: Bratislava)

Re: banner in the browser "A virus has been detected"

#3 Post by sani.pd

Hello :), here are the logs:

# AdwCleaner v3.011 - Report created 04/11/2013 at 14:46:02
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sani - SANI-PC
# Running from : E:\Net\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [2037 octets] - [31/10/2013 06:24:49]
AdwCleaner[R1].txt - [938 octets] - [04/11/2013 14:45:16]
AdwCleaner[S0].txt - [1900 octets] - [31/10/2013 06:27:09]
AdwCleaner[S1].txt - [826 octets] - [04/11/2013 14:46:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [885 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Sani on po 04. 11. 2013 at 14:37:13,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 04. 11. 2013 at 14:41:46,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


The problem still persists :cry:

vyosek (VIP; 56373 posts; registered 07 Nov 2006 15:24; location: Šalingrad - Brno)

Re: banner in the browser "A virus has been detected"

#4 Post by vyosek

→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
→ Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after start a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not launch any applications and do not click into the window being shown
  • The scan should take about 10 min, but if the PC is heavily infested it can take longer
  • After the scan finishes, and after a restart if one happens, CF shows a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed walkthrough incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
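
One of RKill's checks, recommended above, is the HOSTS file, and its output in the next post lists entries and a total count. Thousands of names mapped to 127.0.0.1 are what Spybot's Immunize feature writes (the RSIT log shows Spybot - Search & Destroy installed on 2013-10-30 and drivers\etc modified later that evening, which is consistent with it), and such sinkhole entries are benign. What a responder actually wants to find in a HOSTS file are two other things: names pointed at a real address (traffic for that site goes somewhere else) and security or update domains sinkholed (the machine can no longer fetch help). The script below is an added example, not code from this thread, from RKill or from Spybot; it classifies HOSTS entries that way. The first five sample entries are copied from the RKill output in this thread; the two lines after the second comment and the watchlist are constructed for the example.

```python
import ipaddress

# Illustrative watchlist (an assumption for this example): domains whose
# sinkholing would quietly cut the machine off from updates or help.
WATCHLIST = {"microsoft.com", "windowsupdate.com", "eset.com",
             "malwarebytes.org", "bleepingcomputer.com"}

# Sample HOSTS content. The first five entries are copied from the RKill output
# in this thread; the lines after the second comment are constructed for the
# example and are NOT from the poster's machine.
SAMPLE_HOSTS = """\
# Copied from the RKill output in this thread
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
# Constructed lines for the example
127.0.0.1 update.eset.com        # an update domain sinkholed
203.0.113.10 login.example.com   # a real name pointed at a third-party address (TEST-NET-3)
"""


def parse_hosts(text):
    """Yield (address, [hostnames]) for every effective line; '#' starts a comment."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2:
            yield parts[0], [h.lower().rstrip(".") for h in parts[1:]]


def classify(address):
    """'sinkhole' for loopback/unspecified targets (127.x, ::1, 0.0.0.0),
    'redirect' for any other address, None if the token is not an IP at all."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None
    return "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"


def on_watchlist(host, watchlist):
    """True when host is a watchlist domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watchlist)


def triage_hosts(text, watchlist=WATCHLIST):
    """Summarise a HOSTS file: how many names are merely sinkholed (normal for an
    immunization list), which watchlist names are sinkholed (suspicious), and
    which names are redirected to a real address (the entries to chase)."""
    report = {"sinkholed": 0, "blocked_watchlist": [], "redirects": [], "malformed": []}
    for address, hosts in parse_hosts(text):
        kind = classify(address)
        if kind == "sinkhole":
            report["sinkholed"] += len(hosts)
            report["blocked_watchlist"] += [h for h in hosts if on_watchlist(h, watchlist)]
        elif kind == "redirect":
            report["redirects"] += [(h, address) for h in hosts]
        else:
            report["malformed"].append(address)
    return report


if __name__ == "__main__":
    # On a live Windows machine read C:\Windows\System32\drivers\etc\hosts instead.
    for key, value in triage_hosts(SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

On the sample it reports six sinkholed names, of which update.eset.com is on the watchlist, and one redirect, login.example.com to 203.0.113.10. The 15490 entries RKill counts on this machine would mostly land in the first bucket; the point of the script is that the two other buckets stay short enough to read in full.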

sani.pd (Visitor; 12 posts; registered 07 Jul 2008 12:39; location: Bratislava)

Re: banner in the browser "A virus has been detected"

#5 Post by sani.pd

RKill LOG

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/04/2013 04:41:32 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com

20 out of 15490 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 11/04/2013 04:43:16 PM
Execution time: 0 hours(s), 1 minute(s), and 44 seconds(s)

ComboFix LOG
ComboFix 13-11-03.02 - Sani . 11. 2013 16:46:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4086.2093 [GMT 1:00]
Running from: e:\net\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sani\AppData\Local\Temp\_MEI36642\_ctypes.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\_elementtree.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\_hashlib.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\_multiprocessing.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\_socket.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\_ssl.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\msvcp100.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\msvcr100.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\pyexpat.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\pysqlite2._sqlite.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\python27.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\pythoncom27.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\PyWinTypes27.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\select.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\unicodedata.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32api.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32com.shell.shell.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32crypt.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32event.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32file.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32inet.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32pdh.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32process.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32profile.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32security.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\win32ts.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\windows._cacheinvalidation.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\wx._controls_.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\wx._core_.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\wx._gdi_.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\wx._html2.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\wx._misc_.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\wx._windows_.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\wx._wizard.pyd
c:\users\Sani\AppData\Local\Temp\_MEI36642\wxbase294u_net_vc90.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\wxbase294u_vc90.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\wxmsw294u_adv_vc90.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\wxmsw294u_core_vc90.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\wxmsw294u_html_vc90.dll
c:\users\Sani\AppData\Local\Temp\_MEI36642\wxmsw294u_webview_vc90.dll
c:\windows\installer.exe
c:\windows\wininit.ini
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-10-04 to 2013-11-04 )))))))))))))))))))))))))))))))
.
.
2013-11-04 14:05 . 2013-11-04 14:05 -------- d-----w- c:\program files\HitmanPro
2013-11-04 13:08 . 2013-11-04 13:08 -------- d-----w- c:\windows\ERUNT
2013-11-04 13:01 . 2013-11-04 13:01 -------- d-----w- c:\programdata\McAfee Security Scan
2013-11-04 13:01 . 2013-11-04 13:01 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2013-11-04 13:01 . 2013-11-04 13:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-04 13:01 . 2013-11-04 13:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-04 12:55 . 2013-11-04 12:55 -------- d-----w- c:\windows\system32\Macromed
2013-11-04 11:33 . 2013-11-04 11:39 -------- d-----w- c:\program files\trend micro
2013-11-04 11:33 . 2013-11-04 11:39 -------- d-----w- C:\rsit
2013-11-04 10:30 . 2013-11-04 10:30 2786920 ----a-w- c:\windows\system32\auto_reactivate.exe
2013-11-04 10:29 . 2013-11-04 10:29 -------- d-----r- C:\bootwiz
2013-10-31 05:27 . 2013-10-31 05:27 -------- d-----w- c:\users\Sani\AppData\Roaming\Malwarebytes
2013-10-31 05:26 . 2013-10-31 05:26 -------- d-----w- c:\programdata\Malwarebytes
2013-10-31 05:26 . 2013-10-31 05:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-31 05:26 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-31 05:24 . 2013-11-04 14:08 -------- d-----w- C:\AdwCleaner
2013-10-31 05:20 . 2013-11-04 13:13 -------- d-----w- c:\programdata\HitmanPro
2013-10-30 17:39 . 2013-10-30 18:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-30 17:35 . 2013-10-16 00:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C78C502-4B99-4981-8DF0-6A9F27D4F16A}\mpengine.dll
2013-10-19 18:03 . 2013-10-19 18:03 717985 ----a-w- c:\windows\unins000.exe
2013-10-19 18:03 . 2013-05-15 09:20 146432 ----a-w- c:\windows\Provider.dll
2013-10-19 17:59 . 2013-10-19 17:59 -------- d-----w- c:\programdata\VST3 Presets
2013-10-19 17:47 . 2013-10-19 17:47 -------- d-----w- c:\program files (x86)\Common Files\Steinberg
2013-10-19 14:58 . 2013-10-19 14:58 -------- d-----w- c:\program files (x86)\HALion 3
2013-10-19 14:58 . 2008-10-20 16:42 368640 ----a-w- c:\windows\SysWow64\ReWire.dll
2013-10-19 14:52 . 2013-10-19 14:52 -------- d-----w- c:\users\Sani\AppData\Roaming\VST3 Presets
2013-10-19 14:52 . 2013-10-19 14:52 -------- d-----w- c:\programdata\Steinberg
2013-10-19 14:51 . 2009-12-19 09:18 2395648 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL
2013-10-19 14:51 . 2007-08-24 11:24 16138240 ----a-w- C:\HALionOne.dll
2013-10-19 14:51 . 2013-10-19 14:51 -------- d-----w- c:\program files (x86)\Common Files\VST3
2013-10-19 14:48 . 2013-10-19 18:05 -------- d-----w- c:\users\Sani\AppData\Roaming\Steinberg
2013-10-19 14:48 . 2013-11-04 13:07 -------- d-----w- c:\program files (x86)\Steinberg
2013-10-19 09:37 . 2013-10-19 09:37 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2013-10-18 19:28 . 2013-10-18 19:28 -------- dc-h--w- c:\programdata\{E46F8D45-38F3-4A57-828D-BE6A8C9A2EA1}
2013-10-18 19:26 . 2013-10-18 19:26 -------- d-----w- c:\program files (x86)\Common Files\Avid
2013-10-18 18:44 . 2013-10-18 18:44 -------- dc----w- c:\programdata\{ACEB5C90-39F7-4044-91EF-FBD59A59D240}
2013-10-18 18:10 . 2013-10-18 18:10 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2013-10-18 17:44 . 2013-10-18 18:31 -------- d-----w- c:\users\Sani\AppData\Local\Native Instruments
2013-10-18 17:41 . 2013-11-04 13:04 -------- d-----w- c:\program files\Common Files\Native Instruments
2013-10-18 17:41 . 2013-10-18 17:41 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
2013-10-18 17:41 . 2013-11-04 13:04 -------- d-----w- c:\program files\Native Instruments
2013-10-18 17:41 . 2013-10-18 17:41 -------- d-----w- c:\programdata\Native Instruments
2013-10-13 09:23 . 2013-10-13 09:23 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-10-10 19:53 . 2013-11-04 15:42 -------- d-----r- c:\users\Sani\Dropbox
2013-10-10 19:50 . 2013-11-04 15:39 -------- d-----w- c:\users\Sani\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-04 15:52 . 2013-09-20 18:24 25640 ----a-w- c:\windows\gdrv.sys
2013-10-31 05:12 . 2013-08-09 20:27 87094 ---h--w- c:\windows\system32\KMSWrapper.dll
2013-09-26 00:46 . 2013-10-05 11:15 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-17 20:22 . 2013-09-17 20:22 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-09-17 20:22 . 2013-02-25 22:32 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-17 20:22 . 2013-09-17 20:22 1222824 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-09-17 20:22 . 2013-02-25 22:32 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-17 20:22 . 2013-09-17 20:22 7648000 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-17 20:22 . 2013-09-17 20:22 6329552 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-09-17 20:22 . 2013-09-17 20:22 29337376 ----a-w- c:\windows\system32\nvoglv64.dll
2013-09-17 20:22 . 2013-09-17 20:22 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-09-17 20:22 . 2013-09-17 20:22 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-09-17 20:22 . 2013-09-17 20:22 22102304 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-09-17 20:22 . 2013-09-17 20:22 11274528 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-09-17 20:22 . 2013-09-17 20:22 603424 ----a-w- c:\windows\system32\NvIFR64.dll
2013-09-17 20:22 . 2013-09-17 20:22 515360 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-09-17 20:22 . 2013-09-17 20:22 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-09-17 20:22 . 2013-09-17 20:22 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-09-17 20:22 . 2013-09-17 20:22 681760 ----a-w- c:\windows\system32\NvFBC64.dll
2013-09-17 20:22 . 2013-09-17 20:22 586016 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-09-17 20:22 . 2013-09-17 20:22 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2013-09-17 20:22 . 2013-09-17 20:22 196384 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-09-17 20:22 . 2013-09-17 20:22 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-17 20:22 . 2013-09-17 20:22 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-09-17 20:22 . 2013-09-17 20:22 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-17 20:22 . 2013-09-17 20:22 1510176 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-09-17 20:22 . 2013-09-17 20:22 2970400 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-17 20:22 . 2013-09-17 20:22 2789152 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-09-17 20:22 . 2013-02-25 22:32 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-17 20:22 . 2013-09-17 20:22 9281032 ----a-w- c:\windows\system32\nvcuda.dll
2013-09-17 20:22 . 2013-09-17 20:22 7720576 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-09-17 20:22 . 2013-09-17 20:22 2367264 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-17 20:22 . 2013-09-17 20:22 2007328 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-09-17 20:22 . 2013-09-17 20:22 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-09-17 20:22 . 2013-09-17 20:22 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-17 20:22 . 2013-02-25 22:32 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-17 20:22 . 2013-02-25 22:32 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 07:25 . 2010-10-19 00:25 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2010-10-19 00:25 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2010-10-19 00:25 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2010-10-19 00:25 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2010-10-19 00:25 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2010-10-19 00:25 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-11 22:06 . 2013-08-17 19:59 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-03 13:35 . 2013-08-09 21:14 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-18 08:49 . 2013-08-18 08:49 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-08-18 08:49 . 2013-08-18 08:49 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-08-18 08:49 . 2013-08-18 08:49 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-08-18 08:49 . 2013-08-18 08:49 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-18 08:49 . 2013-08-18 08:49 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-08-18 08:49 . 2013-08-18 08:49 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-08-18 08:49 . 2013-08-18 08:49 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-18 08:49 . 2013-08-18 08:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-08-18 08:49 . 2013-08-18 08:49 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-08-18 08:49 . 2013-08-18 08:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-08-18 08:49 . 2013-08-18 08:49 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-08-18 08:49 . 2013-08-18 08:49 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-18 08:49 . 2013-08-18 08:49 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-08-18 08:49 . 2013-08-18 08:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-08-18 08:49 . 2013-08-18 08:49 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-18 08:49 . 2013-08-18 08:49 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-08-18 08:49 . 2013-08-18 08:49 81408 ----a-w- c:\windows\system32\icardie.dll
2013-08-18 08:49 . 2013-08-18 08:49 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-08-18 08:49 . 2013-08-18 08:49 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-08-18 08:49 . 2013-08-18 08:49 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-08-18 08:49 . 2013-08-18 08:49 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-08-18 08:49 . 2013-08-18 08:49 441856 ----a-w- c:\windows\system32\html.iec
2013-08-18 08:49 . 2013-08-18 08:49 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-08-18 08:49 . 2013-08-18 08:49 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-08-18 08:49 . 2013-08-18 08:49 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-18 08:49 . 2013-08-18 08:49 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-08-18 08:49 . 2013-08-18 08:49 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-08-18 08:49 . 2013-08-18 08:49 235008 ----a-w- c:\windows\system32\url.dll
2013-08-18 08:49 . 2013-08-18 08:49 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-08-18 08:49 . 2013-08-18 08:49 216064 ----a-w- c:\windows\system32\msls31.dll
2013-08-18 08:49 . 2013-08-18 08:49 197120 ----a-w- c:\windows\system32\msrating.dll
2013-08-18 08:49 . 2013-08-18 08:49 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-08-18 08:49 . 2013-08-18 08:49 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-18 08:49 . 2013-08-18 08:49 144896 ----a-w- c:\windows\system32\wextract.exe
2013-08-18 08:49 . 2013-08-18 08:49 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-18 08:49 . 2013-08-18 08:49 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-08-18 08:49 . 2013-08-18 08:49 102912 ----a-w- c:\windows\system32\inseng.dll
2013-08-18 08:49 . 2013-08-18 08:49 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-08-18 08:49 . 2013-08-18 08:49 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-08-18 08:49 . 2013-08-18 08:49 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-08-18 08:49 . 2013-08-18 08:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-08-18 08:49 . 2013-08-18 08:49 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-08-18 08:49 . 2013-08-18 08:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-08-18 08:49 . 2013-08-18 08:49 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-18 08:49 . 2013-08-18 08:49 149504 ----a-w- c:\windows\system32\occache.dll
2013-08-18 08:49 . 2013-08-18 08:49 13824 ----a-w- c:\windows\system32\mshta.exe
2013-08-18 08:49 . 2013-08-18 08:49 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-08-18 08:49 . 2013-08-18 08:49 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-08-18 08:49 . 2013-08-18 08:49 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-08-18 08:48 . 2013-08-18 08:48 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-18 08:48 . 2013-08-18 08:48 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-18 08:48 . 2013-08-18 08:48 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-18 08:48 . 2013-08-18 08:48 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-18 08:48 . 2013-08-18 08:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sani\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sani\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sani\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe" [2013-08-14 884576]
"AshSnap"="c:\program files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe" [2013-08-19 3781968]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
"OscarEditor"="c:\program files (x86)\G9G11_ScreenCapture\ScreenCapture.exe" [2012-05-18 3538944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SAOB Monitor"="c:\program files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536752]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-09-23 5502312]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2013-07-23 84576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-07-07 47104]
.
c:\users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
Obrazovková spinka a spúšťač programu OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-1-21 226176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 MSICDSetup;MSICDSetup;z:\cdriver64.sys;z:\CDriver64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe;c:\windows\SYSNATIVE\Wacom_Tablet.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 21:22 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-04 13:01]
.
2013-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 20:11]
.
2013-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 20:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sani\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sani\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sani\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sani\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"iKeyWorks"="c:\program files\Hardware\Keyboard\Ikeymain.exe" [2008-06-14 65536]
"WheelMouse"="c:\program files\Hardware\Mouse\Amoumain.exe" [2008-07-11 237568]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-23 391144]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\windows\Provider.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{43E7798A-248E-4A3D-9969-FEA63543A462} - c:\programdata\{F531707E-A555-4890-97A1-9A651D437F0F}\Kontakt 4 Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-11-04 16:56:32 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-04 15:56
.
Pre-Run: 187 691 319 296 bytes free
Post-Run: 187 378 388 992 bytes free
.
- - End Of File - - DBD6E73A1AEA1D7B1FFA188D99B19D9F


THE PROBLEM PERSISTS!

vyosek
VIP, 56373 posts, registered 7 Nov 2006, location: Šalingrad - Brno

Re: banner in the browser "A virus has been detected"

#6 Post by vyosek

→ Download WIGI http://tigzy.geekstogo.com/Tools/WhyIGotInfected.exe
  • If you use Windows Vista or Windows 7, right-click WIGI and choose Run As Administrator
  • Click Scan
  • When the scan finishes (the bar next to it is completely green), click Report
  • A log opens; paste it here
→ Download SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Save it to the Desktop, ideally
  • Run it the usual way with a double-click and follow the utility's prompts
  • When the scan finishes, a log is created and opened; paste it here for me
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

sani.pd
Visitor, 12 posts, registered 7 Jul 2008, location: Bratislava

Re: banner in the browser "A virus has been detected"

#7 Post by sani.pd

Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Acronis OnlineBackupStandalone TrueImageMonitor.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



WhyIGotInfected 1.9.0.0(by Tigzy)
********************************

Run : 6. 11. 2013 19:31:43 [Normal Mode]
Machine : SANI-PC (4 CPUs) [Sani : ADMIN]
OS: Windows 7 Service Pack 1 (x64)

~~ Plugins check: ~~

UPTODATE [Windows 7 Service Pack 1] Current : Service Pack 1 -- Latest : Service Pack 1
OUTDATED [Internet Explorer] Current : 9.10.9200.16686 -- Latest : 9.10.9200.16721
OUTDATED [Internet Explorer] Current : 9.10.9200.16686 -- Latest : 9.10.9200.16721
UPTODATE [Adobe Reader (x86)] Current : 11 -- Latest : 11
UPTODATE [Adobe Flash FF Plugin] Current : 11.9.900.117 -- Latest : 11.9.900.117
UPTODATE [Adobe Flash FF Plugin (x86)] Current : 11.9.900.117 -- Latest : 11.9.900.117


Finished
<C:\Users\Sani\Desktop\WIGIReport[0].txt>

vyosek
VIP, 56373 posts, registered 7 Nov 2006, location: Šalingrad - Brno

Re: banner in the browser "A virus has been detected"

#8 Post by vyosek

→ Uninstall McAfee Security Scan

→ Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the Desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check that the "Include 64bit Scans" box is ticked; if not, tick it
  • Tick the "All Users" box
  • Tick the "LOP Check" box
  • Tick the "Purity Check" box
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom "Custom Scans/Fixes" box
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click Run Scan
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt appear; paste both here
  • If the logs are long (the forum complains about exceeding the maximum number of characters), split them across several posts
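An added example for this page, not part of the thread and not code from OTL, ComboFix or any tool mentioned in it. The OTL script above hashes a fixed list of core system files between /md5start and /md5stop, and the ComboFix log earlier in the thread reports a Winsock LSP at c:\windows\Provider.dll, which the later OTL log lists under "Modules (No Company Name)". A Layered Service Provider is loaded into every process that uses Winsock, so it sees and can alter the traffic of every browser on the machine; that is why any LSP that does not belong to a known vendor is worth verifying when a banner shows up in all browsers at once and POST logins start failing. Whether a given entry is malicious is not decided by the hashes alone; the helper compares the MD5 values against known-good ones, and the thread has not drawn that conclusion at this point. The PowerShell below (written for this page; it assumes an elevated 64-bit PowerShell on the affected Windows 7 x64 machine and the English "Provider Path:" layout of netsh output) computes the same MD5 and CompanyName fields OTL reports for that file list, enumerates the registered Winsock providers the same way, and flags entries with no company name or a broken Authenticode signature.

```powershell
# Added example for this page, not a tool from the thread. Assumes an elevated
# 64-bit PowerShell on the affected Windows 7 x64 machine (a 32-bit PowerShell
# would be redirected from System32 to SysWOW64) and English netsh output.

# Core system files the OTL script in the post hashes between /md5start and /md5stop.
$OtlMd5List = @('atapi.sys', 'autochk.exe', 'cdrom.sys', 'explorer.exe', 'hal.dll',
                'scecli.dll', 'services.exe', 'svchost.exe', 'tcpip.sys',
                'userinit.exe', 'winlogon.exe')

# Directories those names live in; driver .sys files sit under drivers\.
$SystemDirs = @("$env:SystemRoot\System32",
                "$env:SystemRoot\System32\drivers",
                "$env:SystemRoot\SysWOW64")

function Get-Md5Hex {
    param([string]$Path)
    # Works on PowerShell 2.0 (the Windows 7 default); Get-FileHash needs 4.0 or later.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

function Get-WinsockProviderPaths {
    # Every "Provider Path:" in the Winsock catalog is a DLL loaded into each
    # process that uses Winsock, browsers included. ComboFix's "LSP:" line is
    # drawn from this same catalog.
    netsh winsock show catalog | ForEach-Object {
        if ($_ -match '^\s*Provider Path:\s*(.+?)\s*$') {
            [Environment]::ExpandEnvironmentVariables($Matches[1])
        }
    } | Sort-Object -Unique
}

function Get-FileTriage {
    param([string]$Path)
    # The fields OTL prints for a PRC/MOD line: size, timestamp and CompanyName
    # (OTL shows "()" when it is empty), plus MD5 and Authenticode status.
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path      = $Path
        Size      = $item.Length
        Modified  = $item.LastWriteTime
        Company   = $item.VersionInfo.CompanyName
        MD5       = Get-Md5Hex -Path $Path
        Signature = [string]$sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer    = $signer
    }
}

# Resolve the OTL list to files that actually exist, then add the Winsock providers.
$targets = @()
foreach ($name in $OtlMd5List) {
    foreach ($dir in $SystemDirs) {
        $candidate = Join-Path $dir $name
        if (Test-Path -LiteralPath $candidate) { $targets += $candidate }
    }
}
$targets += @(Get-WinsockProviderPaths | Where-Object { Test-Path -LiteralPath $_ })

$report = $targets | Sort-Object -Unique | ForEach-Object { Get-FileTriage -Path $_ }
$report | Format-Table Path, Size, Company, Signature, MD5 -AutoSize

# What deserves a closer look: a file with no CompanyName at all (OTL's "()"),
# or one whose embedded signature is present but does not match the file.
# "NotSigned" on its own proves nothing on Windows 7: Get-AuthenticodeSignature
# there does not consult catalog signatures, so most genuine Microsoft files in
# System32 report NotSigned as well. The MD5 column is what gets compared
# against known-good values, which is what the helper does with the OTL output.
$report |
    Where-Object { -not $_.Company -or $_.Signature -eq 'HashMismatch' } |
    Format-List Path, Company, Signature, Signer, Modified, MD5
```

Run it from an elevated 64-bit PowerShell and read the second table first: an entry under a path like c:\windows that carries no CompanyName and sits in the Winsock catalog is the one to submit for a hash lookup or to a helper, while a Microsoft-company file that merely reports NotSigned is the expected Windows 7 behaviour described in the comments.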

sani.pd
Visitor, 12 posts, registered 7 Jul 2008, location: Bratislava

Re: banner in the browser "A virus has been detected"

#9 Post by sani.pd

OTL logfile created on: 7. 11. 2013 19:45:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Net
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 46,37% Memory free
7,98 Gb Paging File | 5,18 Gb Available in Paging File | 64,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 250,00 Gb Total Space | 173,09 Gb Free Space | 69,24% Space Free | Partition Type: NTFS
Drive D: | 350,00 Gb Total Space | 77,84 Gb Free Space | 22,24% Space Free | Partition Type: NTFS
Drive E: | 331,22 Gb Total Space | 172,23 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 616,01 Gb Free Space | 66,13% Space Free | Partition Type: NTFS
Drive Z: | 413,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SANI-PC | User Name: Sani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Processes (SafeList) ==========

PRC - [2013/11/07 19:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Net\OTL.exe
PRC - [2013/11/01 23:29:06 | 029,769,432 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/25 16:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/17 21:22:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/08/19 09:33:54 | 003,781,968 | ---- | M] (Ashampoo Media GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
PRC - [2013/08/14 14:47:51 | 000,884,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2013/08/10 07:40:10 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/07/23 23:57:44 | 000,084,576 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/18 18:59:54 | 003,538,944 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe
PRC - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/09/23 14:59:56 | 000,391,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/09/23 14:57:06 | 005,502,312 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/09/02 15:49:40 | 002,536,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/07/07 19:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 19:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2008/12/29 15:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/07/11 17:20:59 | 000,237,568 | ---- | M] () -- C:\Program Files\Hardware\Mouse\Amoumain.exe
PRC - [2008/06/14 06:18:14 | 000,065,536 | ---- | M] () -- C:\Program Files\Hardware\Keyboard\Ikeymain.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/07 19:37:16 | 001,175,040 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._core_.pyd
MOD - [2013/11/07 19:37:16 | 001,153,024 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_ssl.pyd
MOD - [2013/11/07 19:37:16 | 001,062,400 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._controls_.pyd
MOD - [2013/11/07 19:37:16 | 000,811,008 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._windows_.pyd
MOD - [2013/11/07 19:37:16 | 000,805,888 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._gdi_.pyd
MOD - [2013/11/07 19:37:16 | 000,735,232 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._misc_.pyd
MOD - [2013/11/07 19:37:16 | 000,711,680 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_hashlib.pyd
MOD - [2013/11/07 19:37:16 | 000,686,080 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\unicodedata.pyd
MOD - [2013/11/07 19:37:16 | 000,557,056 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pysqlite2._sqlite.pyd
MOD - [2013/11/07 19:37:16 | 000,504,832 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\windows._cacheinvalidation.pyd
MOD - [2013/11/07 19:37:16 | 000,364,544 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pythoncom27.dll
MOD - [2013/11/07 19:37:16 | 000,320,512 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32com.shell.shell.pyd
MOD - [2013/11/07 19:37:16 | 000,128,512 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_elementtree.pyd
MOD - [2013/11/07 19:37:16 | 000,127,488 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pyexpat.pyd
MOD - [2013/11/07 19:37:16 | 000,122,368 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._wizard.pyd
MOD - [2013/11/07 19:37:16 | 000,119,808 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32file.pyd
MOD - [2013/11/07 19:37:16 | 000,110,080 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pywintypes27.dll
MOD - [2013/11/07 19:37:16 | 000,108,544 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32security.pyd
MOD - [2013/11/07 19:37:16 | 000,098,816 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32api.pyd
MOD - [2013/11/07 19:37:16 | 000,087,040 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_ctypes.pyd
MOD - [2013/11/07 19:37:16 | 000,070,656 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._html2.pyd
MOD - [2013/11/07 19:37:16 | 000,044,032 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_socket.pyd
MOD - [2013/11/07 19:37:16 | 000,038,912 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32inet.pyd
MOD - [2013/11/07 19:37:16 | 000,035,840 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32process.pyd
MOD - [2013/11/07 19:37:16 | 000,026,624 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_multiprocessing.pyd
MOD - [2013/11/07 19:37:16 | 000,025,600 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32pdh.pyd
MOD - [2013/11/07 19:37:16 | 000,022,528 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32ts.pyd
MOD - [2013/11/07 19:37:16 | 000,018,432 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32event.pyd
MOD - [2013/11/07 19:37:16 | 000,017,408 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32profile.pyd
MOD - [2013/11/07 19:37:16 | 000,011,264 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32crypt.pyd
MOD - [2013/11/07 19:37:16 | 000,010,240 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\select.pyd
MOD - [2013/11/01 23:27:52 | 003,558,400 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/09 01:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 01:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 01:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/05/15 10:20:14 | 000,146,432 | ---- | M] () -- C:\Windows\Provider.dll
MOD - [2012/12/11 15:18:14 | 000,042,904 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\MouseHook.dll
MOD - [2012/05/18 18:59:54 | 003,538,944 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe
MOD - [2012/05/11 18:46:42 | 000,891,904 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\KeyboardLEDForm\KeyboardLEDForm.dll
MOD - [2012/04/27 10:40:54 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_Wheel4D.dll
MOD - [2012/02/07 10:20:12 | 002,413,568 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2011/05/20 15:52:08 | 000,901,632 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\ProfileHint\ProfileHint.dll
MOD - [2011/04/12 14:14:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2011/04/06 15:06:04 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_PenSuit.dll
MOD - [2011/03/21 18:33:16 | 000,999,424 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2011/01/09 19:45:54 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_MouseDeviceManager.dll
MOD - [2010/12/02 16:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\OSD_Text\OSD_Text.dll
MOD - [2010/11/01 19:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_AnalyzeGesturesInOne.dll
MOD - [2010/09/20 13:18:56 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_ZoomControl.dll
MOD - [2010/09/20 13:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_ScrollbarControl.dll
MOD - [2010/07/07 19:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/06/29 09:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008/07/11 17:20:59 | 000,237,568 | ---- | M] () -- C:\Program Files\Hardware\Mouse\Amoumain.exe
MOD - [2008/06/14 06:18:14 | 000,065,536 | ---- | M] () -- C:\Program Files\Hardware\Keyboard\Ikeymain.exe
MOD - [2008/06/14 06:17:38 | 000,036,864 | ---- | M] () -- C:\Program Files\Hardware\Keyboard\Ikeyhook.dll
MOD - [2008/06/14 06:06:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Hardware\Keyboard\Ikeyhid.dll
MOD - [2007/04/07 12:25:58 | 000,098,304 | ---- | M] () -- C:\Program Files\Hardware\Mouse\Amoures.dll
MOD - [2007/04/07 12:22:05 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\Amhooker.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/03/09 01:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2013/11/04 14:01:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/17 21:22:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/08/10 07:40:10 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/08/09 22:24:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/08/09 22:24:12 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/07/25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/23 15:03:46 | 001,079,376 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/17 21:22:42 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/08/10 07:40:10 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/08/10 07:40:09 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2013/08/10 07:40:08 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/08/10 07:40:01 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/03/11 01:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/04 13:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/09 13:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 08:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 08:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/07 21:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 21:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 21:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 21:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 21:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 21:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 21:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 21:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 21:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 21:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 21:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 21:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 21:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 21:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/25 00:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/09/22 00:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/02/16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2013/11/07 19:37:13 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E E4 16 B4 3D 95 CE 01 [binary data]
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}: "URL" = http://search.yahoo.com/search?p={searc ... &type=IEBD
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes\{D28F9752-605B-49b8-83DD-063BA6FDF61D}: "URL" = http://www.google.com/custom?client=pub ... earchTerms}
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E E4 16 B4 3D 95 CE 01 [binary data]
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}: "URL" = http://search.yahoo.com/search?p={searc ... &type=IEBD
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes\{D28F9752-605B-49b8-83DD-063BA6FDF61D}: "URL" = http://www.google.com/custom?client=pub ... earchTerms}
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/08/09 22:19:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - Extension: Keyboard Shortcuts for Google Translate = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjhnbnjanndggbcegmdggfjjclohjpo\1.1.1.0_0\
CHR - Extension: Dokumenty Google = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: H\u013Eada\u0165 v Google = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tabs Outliner = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl\0.4.78_0\
CHR - Extension: Recent History = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm\2.1.4.1_0\
CHR - Extension: LastPass = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.2_0\
CHR - Extension: Mapy Google = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Mural.ly = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf\1.6.4_0\
CHR - Extension: Gmail = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/11/04 16:53:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [iKeyWorks] C:\Program Files\Hardware\Keyboard\Ikeymain.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Služba Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [WheelMouse] C:\Program Files\Hardware\Mouse\Amoumain.exe ()
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe (Ashampoo Media GmbH & Co. KG)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [BitTorrent] C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [OscarEditor] C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe ()
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe (Ashampoo Media GmbH & Co. KG)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [BitTorrent] C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\Provider.dll ()
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93D28B24-E6D1-45BE-8BCF-1F18F3B78312}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/27 02:09:18 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2005/07/26 23:59:10 | 000,000,055 | R--- | M] () - Z:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate C:\bootwiz\asrm.bin)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 14 Days ==========

[2013/11/06 20:56:51 | 000,000,000 | ---D | C] -- C:\Users\Sani\AppData\Roaming\SoundSpectrum
[2013/11/06 20:56:51 | 000,000,000 | ---D | C] -- C:\Users\Sani\AppData\Local\SoundSpectrum
[2013/11/04 17:10:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/04 17:10:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/04 16:44:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/04 16:44:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/04 16:44:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/04 16:33:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/04 16:33:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/04 16:30:00 | 000,000,000 | ---D | C] -- C:\Users\Sani\Desktop\rkill
[2013/11/04 15:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/11/04 14:08:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/04 14:01:00 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/04 14:01:00 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/04 13:55:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/11/04 12:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013/11/04 12:33:18 | 000,000,000 | ---D | C] -- C:\rsit
[2013/11/04 11:30:03 | 002,786,920 | ---- | C] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2013/11/04 11:29:30 | 000,000,000 | R--D | C] -- C:\bootwiz
[2013/10/31 06:27:05 | 000,000,000 | ---D | C] -- C:\Users\Sani\AppData\Roaming\Malwarebytes
[2013/10/31 06:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/31 06:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/31 06:26:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/31 06:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/31 06:24:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/31 06:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 18:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

========== Files - Modified Within 14 Days ==========

[2013/11/07 19:48:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/11/07 19:44:32 | 000,014,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 19:44:32 | 000,014,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 19:37:14 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/07 19:37:13 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/11/07 19:37:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/07 19:37:07 | 3213,467,648 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/06 22:52:57 | 000,061,852 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013/11/06 22:52:57 | 000,061,852 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013/11/06 22:52:57 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013/11/06 22:21:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/06 22:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/04 16:53:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/04 14:50:32 | 000,001,047 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/04 14:50:17 | 000,001,013 | ---- | M] () -- C:\Users\Sani\Desktop\Dropbox.lnk
[2013/11/04 14:16:18 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013/11/04 14:16:18 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2013/11/04 14:01:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/04 14:01:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/04 12:07:05 | 000,004,608 | ---- | M] () -- C:\Users\Sani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/04 11:30:03 | 002,786,920 | ---- | M] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2013/11/04 11:26:35 | 000,001,344 | ---- | M] () -- C:\Users\Sani\Desktop\KMSELDI - odkaz.lnk
[2013/11/03 18:28:57 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/03 18:28:57 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/03 18:28:57 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/31 06:26:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/31 06:24:29 | 000,000,724 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/10/31 06:12:04 | 000,087,094 | -H-- | M] () -- C:\Windows\SysNative\KMSWrapper.dll
[2013/10/27 11:12:56 | 000,000,132 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\Adobe PNG Format CS6 Prefs

========== Files Created - No Company Name ==========

[2013/11/07 19:48:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/11/04 16:44:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/04 16:44:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/04 16:44:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/04 16:44:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/04 16:44:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/04 14:01:01 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/04 11:26:35 | 000,001,344 | ---- | C] () -- C:\Users\Sani\Desktop\KMSELDI - odkaz.lnk
[2013/10/31 06:26:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/31 06:24:29 | 000,000,724 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/10/19 19:03:53 | 000,717,985 | ---- | C] () -- C:\Windows\unins000.exe
[2013/10/19 19:03:53 | 000,146,432 | ---- | C] () -- C:\Windows\Provider.dll
[2013/10/19 19:03:51 | 000,001,603 | ---- | C] () -- C:\Windows\unins000.dat
[2013/10/08 21:54:00 | 000,000,132 | ---- | C] () -- C:\Users\Sani\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/09/19 18:06:08 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013/08/13 19:06:50 | 000,004,608 | ---- | C] () -- C:\Users\Sani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 22:27:07 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/08/09 22:27:07 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/08/09 22:26:42 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2013/08/09 21:20:13 | 000,764,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/02 15:40:39 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Amhooker.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/04 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Acronis
[2013/11/07 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\BitTorrent
[2013/09/28 17:55:14 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\BSplayer Pro
[2013/11/07 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Dropbox
[2013/08/10 00:05:09 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\GHISLER
[2013/08/09 23:22:19 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Imagenomic
[2013/09/20 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Mp3tag
[2013/11/06 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\SoundSpectrum
[2013/10/19 19:05:20 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Steinberg
[2013/10/19 15:52:55 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\VST3 Presets
[2013/08/10 00:26:44 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Wise Auto Shutdown

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,030,840 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/08/09 21:11:35 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/08/09 21:11:36 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 14:01:01 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows.old\Windows\SysWOW64\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows.old\Windows\System32\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\System32\drivers\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows.old\Windows\System32\hal.dll
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\System32\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/10/03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2010/11/20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/01/04 06:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2013/01/03 06:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows.old\Windows\System32\drivers\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2013/07/06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013/01/04 06:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012/10/03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[19 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013/11/04 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Acronis
[2013/08/22 19:42:51 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Adobe
[2013/11/07 20:13:18 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\BitTorrent
[2013/09/28 17:55:14 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\BSplayer Pro
[2013/11/07 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Dropbox
[2013/09/20 20:18:33 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\dvdcss
[2013/08/10 00:05:09 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\GHISLER
[2013/08/09 21:09:18 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Identities
[2013/08/09 23:22:19 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Imagenomic
[2013/08/09 21:59:49 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Macromedia
[2013/10/31 06:27:05 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Malwarebytes
[2009/07/14 08:54:32 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Media Center Programs
[2013/11/04 11:44:26 | 000,000,000 | --SD | M] -- C:\Users\Sani\AppData\Roaming\Microsoft
[2013/09/20 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Mp3tag
[2013/08/22 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\NVIDIA
[2013/10/03 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Skype
[2013/11/06 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\SoundSpectrum
[2013/10/19 19:05:20 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Steinberg
[2013/11/06 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\vlc
[2013/10/19 15:52:55 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\VST3 Presets
[2013/11/05 06:42:43 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Winamp
[2013/08/09 23:41:40 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\WinRAR
[2013/08/10 00:26:44 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Wise Auto Shutdown
[2013/11/07 19:37:15 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\WTablet

< %APPDATA%\*.exe /s >
[2013/08/14 14:47:51 | 000,884,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe
[2013/08/09 23:02:06 | 001,126,488 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sani\AppData\Roaming\BitTorrent\updates\7.8.1_30004.exe
[2013/08/14 14:47:51 | 000,884,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sani\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe
[2009/08/11 20:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\AC3 Filter\ac3config.exe
[2009/08/11 20:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\AC3 Filter\spdif_test.exe
[2010/03/22 13:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\AC3 Filter\unins000.exe
[2012/10/11 08:01:20 | 001,175,371 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\FFDShow\unins000.exe
[2010/08/14 09:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\Haali media splitter\dsmux.exe
[2010/08/14 09:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\Haali media splitter\gdsmux.exe
[2010/08/14 09:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\Haali media splitter\mkv2vfr.exe
[2010/09/30 14:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\Haali media splitter\uninstall.exe
[2013/11/01 23:29:06 | 029,769,432 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2013/11/01 23:30:24 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2013/10/03 23:20:26 | 000,919,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< %systemroot%\Tasks\*.job >
[2013/11/07 20:02:26 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/11/07 19:37:14 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/11/06 22:21:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BitTorrent" = "C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED -- [2013/08/14 14:47:51 | 000,884,576 | ---- | M] (BitTorrent Inc.)
"AshSnap" = C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe -- [2013/08/19 09:33:54 | 003,781,968 | ---- | M] (Ashampoo Media GmbH & Co. KG)
"GoogleDriveSync" = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart -- [2013/09/25 16:37:00 | 020,133,824 | ---- | M] (Google)
"OscarEditor" = "C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe" Minimum -- [2012/05/18 18:59:54 | 003,538,944 | ---- | M] ()
"RESTART_STICKY_NOTES" = C:\Windows\System32\StikyNot.exe

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013/08/10 05:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013/10/09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) MD5=3E399A1328181C2A352472369DE2A93A -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013/11/07 19:48:04 | 000,000,512 | ---- | M] () MD5=BC9D2E3BF0F20E4348990F67689E5D6F -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2013/10/19 16:38:10 | 488,437,684 | ---- | M] () -- \BitTorrent\AVID.Protools.9.0.Full.Install.incl.Loader.crack.1.1\Avid Pro Tools 9.0 loader crack 1.1.dmg
[2013/10/19 17:19:57 | 000,460,120 | R--- | M] () -- \BitTorrent\Steinberg.Cubase.v5.1.DVDR-AiRISO\Crack\crack installer.exe

< *keygen* /s >

< *loader* /s >
[2013/10/19 16:38:10 | 488,437,684 | ---- | M] () -- \BitTorrent\AVID.Protools.9.0.Full.Install.incl.Loader.crack.1.1\Avid Pro Tools 9.0 loader crack 1.1.dmg
[2013/10/05 16:59:12 | 000,004,096 | ---- | M] () -- \BitTorrent\Windows 7 Home Premium SP1 x64\Daz Loader 2.1.7\._Windows Loader v2.1.7.zip
[2013/10/05 16:59:13 | 001,673,061 | ---- | M] () -- \BitTorrent\Windows 7 Home Premium SP1 x64\Daz Loader 2.1.7\Windows Loader v2.1.7.zip
[2012/07/19 13:33:00 | 003,820,438 | ---- | M] () -- \BitTorrent\Windows 7 Home Premium SP1 x64\Daz Loader 2.1.7\Windows Loader\Windows Loader.exe

< End of report >

sani.pd
Visitor
Posts: 12
Registered: 07 Jul 2008 12:39
Location: Bratislava

Re: banner in the browser "A virus has been detected"

#10 Post by sani.pd »

OTL logfile created on: 7. 11. 2013 19:45:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Net
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 46,37% Memory free
7,98 Gb Paging File | 5,18 Gb Available in Paging File | 64,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 250,00 Gb Total Space | 173,09 Gb Free Space | 69,24% Space Free | Partition Type: NTFS
Drive D: | 350,00 Gb Total Space | 77,84 Gb Free Space | 22,24% Space Free | Partition Type: NTFS
Drive E: | 331,22 Gb Total Space | 172,23 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 616,01 Gb Free Space | 66,13% Space Free | Partition Type: NTFS
Drive Z: | 413,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SANI-PC | User Name: Sani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Processes (SafeList) ==========

PRC - [2013/11/07 19:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Net\OTL.exe
PRC - [2013/11/01 23:29:06 | 029,769,432 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/25 16:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/17 21:22:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/08/19 09:33:54 | 003,781,968 | ---- | M] (Ashampoo Media GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
PRC - [2013/08/14 14:47:51 | 000,884,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2013/08/10 07:40:10 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/07/23 23:57:44 | 000,084,576 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/18 18:59:54 | 003,538,944 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe
PRC - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/09/23 14:59:56 | 000,391,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/09/23 14:57:06 | 005,502,312 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/09/02 15:49:40 | 002,536,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/07/07 19:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 19:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2008/12/29 15:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/07/11 17:20:59 | 000,237,568 | ---- | M] () -- C:\Program Files\Hardware\Mouse\Amoumain.exe
PRC - [2008/06/14 06:18:14 | 000,065,536 | ---- | M] () -- C:\Program Files\Hardware\Keyboard\Ikeymain.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/07 19:37:16 | 001,175,040 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._core_.pyd
MOD - [2013/11/07 19:37:16 | 001,153,024 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_ssl.pyd
MOD - [2013/11/07 19:37:16 | 001,062,400 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._controls_.pyd
MOD - [2013/11/07 19:37:16 | 000,811,008 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._windows_.pyd
MOD - [2013/11/07 19:37:16 | 000,805,888 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._gdi_.pyd
MOD - [2013/11/07 19:37:16 | 000,735,232 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._misc_.pyd
MOD - [2013/11/07 19:37:16 | 000,711,680 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_hashlib.pyd
MOD - [2013/11/07 19:37:16 | 000,686,080 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\unicodedata.pyd
MOD - [2013/11/07 19:37:16 | 000,557,056 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pysqlite2._sqlite.pyd
MOD - [2013/11/07 19:37:16 | 000,504,832 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\windows._cacheinvalidation.pyd
MOD - [2013/11/07 19:37:16 | 000,364,544 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pythoncom27.dll
MOD - [2013/11/07 19:37:16 | 000,320,512 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32com.shell.shell.pyd
MOD - [2013/11/07 19:37:16 | 000,128,512 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_elementtree.pyd
MOD - [2013/11/07 19:37:16 | 000,127,488 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pyexpat.pyd
MOD - [2013/11/07 19:37:16 | 000,122,368 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._wizard.pyd
MOD - [2013/11/07 19:37:16 | 000,119,808 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32file.pyd
MOD - [2013/11/07 19:37:16 | 000,110,080 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pywintypes27.dll
MOD - [2013/11/07 19:37:16 | 000,108,544 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32security.pyd
MOD - [2013/11/07 19:37:16 | 000,098,816 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32api.pyd
MOD - [2013/11/07 19:37:16 | 000,087,040 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_ctypes.pyd
MOD - [2013/11/07 19:37:16 | 000,070,656 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._html2.pyd
MOD - [2013/11/07 19:37:16 | 000,044,032 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_socket.pyd
MOD - [2013/11/07 19:37:16 | 000,038,912 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32inet.pyd
MOD - [2013/11/07 19:37:16 | 000,035,840 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32process.pyd
MOD - [2013/11/07 19:37:16 | 000,026,624 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_multiprocessing.pyd
MOD - [2013/11/07 19:37:16 | 000,025,600 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32pdh.pyd
MOD - [2013/11/07 19:37:16 | 000,022,528 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32ts.pyd
MOD - [2013/11/07 19:37:16 | 000,018,432 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32event.pyd
MOD - [2013/11/07 19:37:16 | 000,017,408 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32profile.pyd
MOD - [2013/11/07 19:37:16 | 000,011,264 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32crypt.pyd
MOD - [2013/11/07 19:37:16 | 000,010,240 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\select.pyd
MOD - [2013/11/01 23:27:52 | 003,558,400 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/09 01:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 01:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 01:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/05/15 10:20:14 | 000,146,432 | ---- | M] () -- C:\Windows\Provider.dll
MOD - [2012/12/11 15:18:14 | 000,042,904 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\MouseHook.dll
MOD - [2012/05/18 18:59:54 | 003,538,944 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe
MOD - [2012/05/11 18:46:42 | 000,891,904 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\KeyboardLEDForm\KeyboardLEDForm.dll
MOD - [2012/04/27 10:40:54 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_Wheel4D.dll
MOD - [2012/02/07 10:20:12 | 002,413,568 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2011/05/20 15:52:08 | 000,901,632 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\ProfileHint\ProfileHint.dll
MOD - [2011/04/12 14:14:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2011/04/06 15:06:04 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_PenSuit.dll
MOD - [2011/03/21 18:33:16 | 000,999,424 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2011/01/09 19:45:54 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_MouseDeviceManager.dll
MOD - [2010/12/02 16:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\Data\G11_ScreenCapture\Forms\OSD_Text\OSD_Text.dll
MOD - [2010/11/01 19:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_AnalyzeGesturesInOne.dll
MOD - [2010/09/20 13:18:56 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_ZoomControl.dll
MOD - [2010/09/20 13:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\G9G11_ScreenCapture\dll\DLL_ScrollbarControl.dll
MOD - [2010/07/07 19:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/06/29 09:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008/07/11 17:20:59 | 000,237,568 | ---- | M] () -- C:\Program Files\Hardware\Mouse\Amoumain.exe
MOD - [2008/06/14 06:18:14 | 000,065,536 | ---- | M] () -- C:\Program Files\Hardware\Keyboard\Ikeymain.exe
MOD - [2008/06/14 06:17:38 | 000,036,864 | ---- | M] () -- C:\Program Files\Hardware\Keyboard\Ikeyhook.dll
MOD - [2008/06/14 06:06:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Hardware\Keyboard\Ikeyhid.dll
MOD - [2007/04/07 12:25:58 | 000,098,304 | ---- | M] () -- C:\Program Files\Hardware\Mouse\Amoures.dll
MOD - [2007/04/07 12:22:05 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\Amhooker.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/03/09 01:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2013/11/04 14:01:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/17 21:22:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/09/12 00:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/08/10 07:40:10 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/08/09 22:24:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/08/09 22:24:12 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/07/25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/23 15:03:46 | 001,079,376 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/17 21:22:42 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/08/10 07:40:10 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/08/10 07:40:09 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2013/08/10 07:40:08 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/08/10 07:40:01 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/03/11 01:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/04 13:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/09 13:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 08:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 08:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/07 21:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 21:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 21:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 21:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 21:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 21:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 21:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 21:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 21:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 21:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 21:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 21:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 21:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 21:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/25 00:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/09/22 00:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/02/13 09:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 04:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/02/16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2013/11/07 19:37:13 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E E4 16 B4 3D 95 CE 01 [binary data]
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}: "URL" = http://search.yahoo.com/search?p={searc ... &type=IEBD
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes\{D28F9752-605B-49b8-83DD-063BA6FDF61D}: "URL" = http://www.google.com/custom?client=pub ... earchTerms}
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E E4 16 B4 3D 95 CE 01 [binary data]
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}: "URL" = http://search.yahoo.com/search?p={searc ... &type=IEBD
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes\{D28F9752-605B-49b8-83DD-063BA6FDF61D}: "URL" = http://www.google.com/custom?client=pub ... earchTerms}
IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/08/09 22:19:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - Extension: Keyboard Shortcuts for Google Translate = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjhnbnjanndggbcegmdggfjjclohjpo\1.1.1.0_0\
CHR - Extension: Dokumenty Google = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Hľadať v Google = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tabs Outliner = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl\0.4.78_0\
CHR - Extension: Recent History = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm\2.1.4.1_0\
CHR - Extension: LastPass = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.2_0\
CHR - Extension: Mapy Google = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Mural.ly = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf\1.6.4_0\
CHR - Extension: Gmail = C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/11/04 16:53:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [iKeyWorks] C:\Program Files\Hardware\Keyboard\Ikeymain.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Služba Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [WheelMouse] C:\Program Files\Hardware\Mouse\Amoumain.exe ()
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe (Ashampoo Media GmbH & Co. KG)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [BitTorrent] C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [OscarEditor] C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe ()
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe (Ashampoo Media GmbH & Co. KG)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [BitTorrent] C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\Provider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\Provider.dll ()
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93D28B24-E6D1-45BE-8BCF-1F18F3B78312}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/27 02:09:18 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2005/07/26 23:59:10 | 000,000,055 | R--- | M] () - Z:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate C:\bootwiz\asrm.bin)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 14 Days ==========

[2013/11/06 20:56:51 | 000,000,000 | ---D | C] -- C:\Users\Sani\AppData\Roaming\SoundSpectrum
[2013/11/06 20:56:51 | 000,000,000 | ---D | C] -- C:\Users\Sani\AppData\Local\SoundSpectrum
[2013/11/04 17:10:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/04 17:10:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/04 16:44:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/04 16:44:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/04 16:44:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/04 16:33:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/04 16:33:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/04 16:30:00 | 000,000,000 | ---D | C] -- C:\Users\Sani\Desktop\rkill
[2013/11/04 15:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/11/04 14:08:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/04 14:01:00 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/04 14:01:00 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/04 13:55:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/11/04 12:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013/11/04 12:33:18 | 000,000,000 | ---D | C] -- C:\rsit
[2013/11/04 11:30:03 | 002,786,920 | ---- | C] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2013/11/04 11:29:30 | 000,000,000 | R--D | C] -- C:\bootwiz
[2013/10/31 06:27:05 | 000,000,000 | ---D | C] -- C:\Users\Sani\AppData\Roaming\Malwarebytes
[2013/10/31 06:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/31 06:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/31 06:26:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/31 06:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/31 06:24:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/31 06:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 18:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

========== Files - Modified Within 14 Days ==========

[2013/11/07 19:48:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/11/07 19:44:32 | 000,014,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 19:44:32 | 000,014,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 19:37:14 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/07 19:37:13 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/11/07 19:37:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/07 19:37:07 | 3213,467,648 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/06 22:52:57 | 000,061,852 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013/11/06 22:52:57 | 000,061,852 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013/11/06 22:52:57 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2013/11/06 22:21:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/06 22:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/04 16:53:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/04 14:50:32 | 000,001,047 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/04 14:50:17 | 000,001,013 | ---- | M] () -- C:\Users\Sani\Desktop\Dropbox.lnk
[2013/11/04 14:16:18 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013/11/04 14:16:18 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2013/11/04 14:01:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/04 14:01:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/04 12:07:05 | 000,004,608 | ---- | M] () -- C:\Users\Sani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/04 11:30:03 | 002,786,920 | ---- | M] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2013/11/04 11:26:35 | 000,001,344 | ---- | M] () -- C:\Users\Sani\Desktop\KMSELDI - odkaz.lnk
[2013/11/03 18:28:57 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/03 18:28:57 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/03 18:28:57 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/31 06:26:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/31 06:24:29 | 000,000,724 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/10/31 06:12:04 | 000,087,094 | -H-- | M] () -- C:\Windows\SysNative\KMSWrapper.dll
[2013/10/27 11:12:56 | 000,000,132 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\Adobe PNG Format CS6 Prefs

========== Files Created - No Company Name ==========

[2013/11/07 19:48:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/11/04 16:44:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/04 16:44:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/04 16:44:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/04 16:44:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/04 16:44:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/04 14:01:01 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/04 11:26:35 | 000,001,344 | ---- | C] () -- C:\Users\Sani\Desktop\KMSELDI - odkaz.lnk
[2013/10/31 06:26:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/31 06:24:29 | 000,000,724 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/10/19 19:03:53 | 000,717,985 | ---- | C] () -- C:\Windows\unins000.exe
[2013/10/19 19:03:53 | 000,146,432 | ---- | C] () -- C:\Windows\Provider.dll
[2013/10/19 19:03:51 | 000,001,603 | ---- | C] () -- C:\Windows\unins000.dat
[2013/10/08 21:54:00 | 000,000,132 | ---- | C] () -- C:\Users\Sani\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/09/19 18:06:08 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013/08/13 19:06:50 | 000,004,608 | ---- | C] () -- C:\Users\Sani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 22:27:07 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/08/09 22:27:07 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/08/09 22:26:42 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2013/08/09 21:20:13 | 000,764,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/02 15:40:39 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Amhooker.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/04 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Acronis
[2013/11/07 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\BitTorrent
[2013/09/28 17:55:14 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\BSplayer Pro
[2013/11/07 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Dropbox
[2013/08/10 00:05:09 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\GHISLER
[2013/08/09 23:22:19 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Imagenomic
[2013/09/20 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Mp3tag
[2013/11/06 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\SoundSpectrum
[2013/10/19 19:05:20 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Steinberg
[2013/10/19 15:52:55 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\VST3 Presets
[2013/08/10 00:26:44 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Wise Auto Shutdown

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,030,840 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/08/09 21:11:35 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/08/09 21:11:36 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 14:01:01 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows.old\Windows\SysWOW64\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows.old\Windows\System32\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\System32\drivers\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows.old\Windows\System32\hal.dll
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\System32\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/10/03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2010/11/20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/01/04 06:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2013/01/03 06:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows.old\Windows\System32\drivers\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2013/07/06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013/01/04 06:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012/10/03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[19 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013/11/04 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Acronis
[2013/08/22 19:42:51 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Adobe
[2013/11/07 20:13:18 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\BitTorrent
[2013/09/28 17:55:14 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\BSplayer Pro
[2013/11/07 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Dropbox
[2013/09/20 20:18:33 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\dvdcss
[2013/08/10 00:05:09 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\GHISLER
[2013/08/09 21:09:18 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Identities
[2013/08/09 23:22:19 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Imagenomic
[2013/08/09 21:59:49 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Macromedia
[2013/10/31 06:27:05 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Malwarebytes
[2009/07/14 08:54:32 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Media Center Programs
[2013/11/04 11:44:26 | 000,000,000 | --SD | M] -- C:\Users\Sani\AppData\Roaming\Microsoft
[2013/09/20 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Mp3tag
[2013/08/22 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\NVIDIA
[2013/10/03 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Skype
[2013/11/06 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\SoundSpectrum
[2013/10/19 19:05:20 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Steinberg
[2013/11/06 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\vlc
[2013/10/19 15:52:55 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\VST3 Presets
[2013/11/05 06:42:43 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Winamp
[2013/08/09 23:41:40 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\WinRAR
[2013/08/10 00:26:44 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\Wise Auto Shutdown
[2013/11/07 19:37:15 | 000,000,000 | ---D | M] -- C:\Users\Sani\AppData\Roaming\WTablet

< %APPDATA%\*.exe /s >
[2013/08/14 14:47:51 | 000,884,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe
[2013/08/09 23:02:06 | 001,126,488 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sani\AppData\Roaming\BitTorrent\updates\7.8.1_30004.exe
[2013/08/14 14:47:51 | 000,884,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sani\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe
[2009/08/11 20:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\AC3 Filter\ac3config.exe
[2009/08/11 20:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\AC3 Filter\spdif_test.exe
[2010/03/22 13:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\AC3 Filter\unins000.exe
[2012/10/11 08:01:20 | 001,175,371 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\FFDShow\unins000.exe
[2010/08/14 09:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\Haali media splitter\dsmux.exe
[2010/08/14 09:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\Haali media splitter\gdsmux.exe
[2010/08/14 09:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\Haali media splitter\mkv2vfr.exe
[2010/09/30 14:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Sani\AppData\Roaming\BSplayer Pro\Haali media splitter\uninstall.exe
[2013/11/01 23:29:06 | 029,769,432 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2013/11/01 23:30:24 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2013/10/03 23:20:26 | 000,919,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sani\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< %systemroot%\Tasks\*.job >
[2013/11/07 20:02:26 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/11/07 19:37:14 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/11/06 22:21:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BitTorrent" = "C:\Users\Sani\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED -- [2013/08/14 14:47:51 | 000,884,576 | ---- | M] (BitTorrent Inc.)
"AshSnap" = C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe -- [2013/08/19 09:33:54 | 003,781,968 | ---- | M] (Ashampoo Media GmbH & Co. KG)
"GoogleDriveSync" = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart -- [2013/09/25 16:37:00 | 020,133,824 | ---- | M] (Google)
"OscarEditor" = "C:\Program Files (x86)\G9G11_ScreenCapture\ScreenCapture.exe" Minimum -- [2012/05/18 18:59:54 | 003,538,944 | ---- | M] ()
"RESTART_STICKY_NOTES" = C:\Windows\System32\StikyNot.exe

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013/08/10 05:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013/10/09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) MD5=3E399A1328181C2A352472369DE2A93A -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013/11/07 19:48:04 | 000,000,512 | ---- | M] () MD5=BC9D2E3BF0F20E4348990F67689E5D6F -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2013/10/19 16:38:10 | 488,437,684 | ---- | M] () -- \BitTorrent\AVID.Protools.9.0.Full.Install.incl.Loader.crack.1.1\Avid Pro Tools 9.0 loader crack 1.1.dmg
[2013/10/19 17:19:57 | 000,460,120 | R--- | M] () -- \BitTorrent\Steinberg.Cubase.v5.1.DVDR-AiRISO\Crack\crack installer.exe

< *keygen* /s >

< *loader* /s >
[2013/10/19 16:38:10 | 488,437,684 | ---- | M] () -- \BitTorrent\AVID.Protools.9.0.Full.Install.incl.Loader.crack.1.1\Avid Pro Tools 9.0 loader crack 1.1.dmg
[2013/10/05 16:59:12 | 000,004,096 | ---- | M] () -- \BitTorrent\Windows 7 Home Premium SP1 x64\Daz Loader 2.1.7\._Windows Loader v2.1.7.zip
[2013/10/05 16:59:13 | 001,673,061 | ---- | M] () -- \BitTorrent\Windows 7 Home Premium SP1 x64\Daz Loader 2.1.7\Windows Loader v2.1.7.zip
[2012/07/19 13:33:00 | 003,820,438 | ---- | M] () -- \BitTorrent\Windows 7 Home Premium SP1 x64\Daz Loader 2.1.7\Windows Loader\Windows Loader.exe

< End of report >
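
The "< MD5 for: ... >" blocks above are the part of this log worth reading mechanically: OTL hashes every copy it can find of a few system binaries that malware likes to patch (services.exe, svchost.exe, atapi.sys, tcpip.sys, ...), so a tampered live file stands out as a copy under SysNative/SysWOW64 whose MD5 matches none of the WinSxS component-store copies. In the posted log every live copy has a matching WinSxS twin; the only entries with no company name are the two Malwarebytes Chameleon decoys, which share one hash (B4C6E3889BB310CA7E974A04EC6E46AC) under both the svchost.exe and winlogon.exe names. The script below is an added example, not OTL's code or anything from this thread: it parses those blocks and applies that check. The Chameleon allowlist, the path bucketing rules and the final SERVICES.EXE sample line (an all-zero MD5 standing in for a patched file) are assumptions constructed for the demonstration.

```python
"""Triage the '< MD5 for: NAME >' blocks of an OTL log.

OTL hashes every copy it finds of a few often-patched system binaries: the
live file under System32 / SysNative / SysWOW64, the WinSxS component-store
copies, Windows.old and backup caches. A patched binary shows up as a live
copy whose MD5 matches none of the component-store copies.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[^|]+)\| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Assumed allowlist: Malwarebytes Chameleon ships decoy copies of its own
# launcher under system-process names, so a company-less hash there is expected.
KNOWN_BENIGN = ("\\malwarebytes' anti-malware\\chameleon\\",)


def classify(path):
    """Bucket a path: live system copy, WinSxS store copy, backup, or other."""
    p = path.lower()
    if "\\windows.old\\" in p or "\\erdnt\\" in p:
        return "backup"
    if "\\winsxs\\" in p:
        return "store"
    if p.startswith("c:\\windows\\") and any(
        d in p for d in ("\\system32\\", "\\sysnative\\", "\\syswow64\\")
    ):
        return "live"
    return "other"


def parse_md5_blocks(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block."""
    blocks, current = defaultdict(list), None
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            blocks[current].append({
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company"),
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
                "kind": classify(m.group("path")),
            })
    return blocks


def triage(text):
    """Return (severity, file, path, reason) tuples that deserve a human look."""
    findings = []
    for name, entries in parse_md5_blocks(text).items():
        store_hashes = {e["md5"] for e in entries if e["kind"] == "store"}
        for e in entries:
            if e["kind"] == "live" and store_hashes and e["md5"] not in store_hashes:
                findings.append(("HIGH", name, e["path"],
                                 "live copy matches no WinSxS component-store copy"))
            if not e["company"]:
                if any(k in e["path"].lower() for k in KNOWN_BENIGN):
                    findings.append(("INFO", name, e["path"],
                                     "no company name, but allowlisted decoy copy"))
                else:
                    findings.append(("MEDIUM", name, e["path"],
                                     "no company/version information"))
    return findings


# Constructed sample: the SVCHOST lines are copied from the posted log; the
# last SERVICES line is invented (all-zero MD5) to show what a patched live
# copy would look like. It is NOT from the posted log.
SAMPLE_LOG = r"""< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2013/11/01 00:00:00 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\services.exe
"""

if __name__ == "__main__":
    for severity, name, path, reason in triage(SAMPLE_LOG):
        print(f"{severity:6} {name:12} {path}  <- {reason}")
```

Run against the full posted log, the HIGH rule fires on nothing and the INFO rule fires only on the two Chameleon decoys, which is what a clean "MD5 for" section looks like. Windows.old and erdnt\cache copies are deliberately excluded from the comparison: they are backups of whatever was live at the time, so they would mask a patch rather than reveal one. A file that is missing from the store entirely (empty store_hashes) is not flagged, because OTL's custom scan does not always list every WinSxS copy.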

sani.pd
Guest
Posts: 12
Registered: 07 Jul 2008 12:39
Location: Bratislava

Re: banner in browser "A virus has been detected"

#11 Post by sani.pd »

OTL Extras logfile created on: 7. 11. 2013 19:45:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Net
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 46,37% Memory free
7,98 Gb Paging File | 5,18 Gb Available in Paging File | 64,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 250,00 Gb Total Space | 173,09 Gb Free Space | 69,24% Space Free | Partition Type: NTFS
Drive D: | 350,00 Gb Total Space | 77,84 Gb Free Space | 22,24% Space Free | Partition Type: NTFS
Drive E: | 331,22 Gb Total Space | 172,23 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 616,01 Gb Free Space | 66,13% Space Free | Partition Type: NTFS
Drive Z: | 413,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SANI-PC | User Name: Sani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18A12F53-4D0E-4506-B44A-8B393FF4AB1D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23D16873-D64E-4FFA-99DF-7D1B8F776441}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{261B6F22-C90E-4BB1-A08A-522DC5BA2C86}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3031CC3C-262F-4348-B0FA-8E387FAABEAE}" = lport=138 | protocol=17 | dir=in | app=system |
"{4ED4B4F2-3863-4573-B7F5-7910C5BD8E06}" = rport=138 | protocol=17 | dir=out | app=system |
"{50E04165-6202-468F-8E28-7D491E0C6311}" = rport=139 | protocol=6 | dir=out | app=system |
"{536E1D7C-A557-429F-8EC1-F568518A7BBF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{55EB3B3E-1DB0-43F1-B9AC-AE27A9D2237D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CF3F8D6-3D6A-4499-A0FB-38CB310B151D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{606DE204-94FF-440E-A371-50D0BDA732B0}" = rport=137 | protocol=17 | dir=out | app=system |
"{82539973-2EE2-4D5E-8171-9884BB7B678A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FC45078-D1E7-4BF9-8766-611B5674C41D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D9C83D3-E843-4869-955C-391C2B2E1C9A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A916B44A-8AD7-43E7-8250-A248CF0D91A5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B0FD1F5B-5C58-4B3A-9342-C85E8D26CD05}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B59C1F51-819C-4349-844D-9EB4C492AF41}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4415315-BD27-4A5D-B0CD-325496B33270}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF59CB23-8929-460F-AE40-413FCE954B6F}" = lport=445 | protocol=6 | dir=in | app=system |
"{D9C9CCFD-419A-45D5-8100-F639FB4DFC5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{E283AF70-2A04-4688-A7E9-9D026A47BA2F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F5359CE1-61D1-424D-B852-229562645BDE}" = lport=137 | protocol=17 | dir=in | app=system |
"{F61BACF8-E64E-4D4B-A239-5D0276B02E25}" = lport=139 | protocol=6 | dir=in | app=system |
"{F833BE23-E3A3-4EE7-95BF-F1BDF198D513}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0376B2AB-5EC0-4ECB-8F28-9AB799F5B340}" = protocol=6 | dir=in | app=c:\windows\system32\kmsserver.exe |
"{0D3F3D8D-A967-4E63-8D56-9DEE8DAD2709}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{25E31C81-2086-43CA-A0B2-1759483F0AB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{288B1690-EA6E-44BA-9C6A-FD5C4C77F031}" = protocol=17 | dir=in | app=c:\windows\system32\kmsserver.exe |
"{2D836795-27B1-497D-ADD7-1D0C4C269AE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DEFC82F-9708-44C3-90AF-124A94B17936}" = protocol=17 | dir=in | app=c:\windows\system32\kmsserver.exe |
"{3E9EEF6A-6DE5-4A17-9BB4-DBDFB67FD4E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59C5AFBC-166C-468C-8F4A-DCF67C87FE0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5DF1D0E0-695D-4D88-B1D2-7209AF9CF627}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5E3135CE-D556-4A48-9CE1-1577B0D3A3C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5EA3A18A-49C7-42F9-AEC9-EC8B7FEC18D8}" = protocol=6 | dir=in | app=c:\windows\system32\kmsserver.exe |
"{634021C0-9573-451F-9640-927433E2F218}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6559B569-B7AB-499A-8F65-A94E0E0E5C6C}" = protocol=6 | dir=in | app=c:\users\sani\appdata\roaming\bittorrent\bittorrent.exe |
"{66D66C86-2741-471F-8889-40C86AE6B2AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{704D9C0E-C764-45C7-9DC2-5208709A4DBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7509CD0D-7BAD-48D8-AC74-28641F4DFD20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7FB9F19B-1E56-4DEE-A74A-B074A1604A68}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8FBCEF7E-D645-41DD-8F0C-595C8B55FA08}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{964D2D04-7977-4F22-B631-EFF20C132B2E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A00B2C18-816C-42D2-B4C1-EBB5120B6448}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AB93FD8D-0D7D-4820-9911-E16401EC8A8D}" = protocol=17 | dir=in | app=c:\program files\kmspico\kmsserver.exe |
"{AC74C202-E1F0-4C60-8B54-D6A6E04F6B72}" = protocol=6 | dir=out | app=system |
"{B60874AF-8134-42B2-AB45-087A8B453583}" = protocol=6 | dir=in | app=c:\users\sani\appdata\roaming\dropbox\bin\dropbox.exe |
"{B678A236-2AE2-43C9-988D-78BB5E9AF67B}" = protocol=6 | dir=in | app=c:\program files\kmspico\kmseldi.exe |
"{C09087A5-8171-44DF-B5C7-D7D3F06CF41A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C54C8C40-2E2B-4E44-8711-6EF1C7F264CB}" = protocol=6 | dir=in | app=c:\program files\kmspico\kmsserver.exe |
"{C9B27EDB-31B6-45C1-81F2-FA34987AFDFB}" = protocol=17 | dir=in | app=c:\users\sani\appdata\roaming\dropbox\bin\dropbox.exe |
"{CC3A4915-69B7-4104-B35C-21F77D009119}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE6909A0-3859-4AA4-B024-F27D2FA189BF}" = protocol=17 | dir=in | app=c:\users\sani\appdata\roaming\bittorrent\bittorrent.exe |
"{CED32534-7FB7-4342-95E5-87F353CBDDE5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D83C472C-C35A-4D95-B114-C7558B781E4A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DA41B2A6-233F-4ADE-AB2A-5FF1FE85CDCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCC60FE6-CC3E-4445-BBA3-7D9EAF3EB9D9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE5E6906-41E2-4227-840C-C16993C633AB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{EE3E506D-11F1-477D-AD9E-12DAB1991769}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF2D50F0-228B-4AC9-AFC7-316DE10D1AA3}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{F79B1E3C-558E-4669-BE43-9686EFFC20F9}" = protocol=17 | dir=in | app=c:\program files\kmspico\kmseldi.exe |
"{F88ED626-E741-4A07-9ACC-D4DF2FF932A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{F3F5D857-8CCE-4EB6-9ABD-AB57BD131CDF}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{FBDD0ED7-3F83-4851-85BD-C901737ADFAC}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |
"UDP Query User{0679FDE2-AE87-41CD-ABFA-D5B909A27861}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{B827E30A-4933-4BB5-B828-0A6E23CE4CAF}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{609BAA80-8C82-48F9-B33A-018E1E2D6637}" = ESET NOD32 Antivirus
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovládač 3D Vision 327.23
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizácie NVIDIA 1.14.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovládač zvuku HD 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A4TechOEM iKeyWorks" = iKeyWorks 7.80
"CCleaner" = CCleaner
"ImagenomicNoisewarePlugin" = Imagenomic Noiseware 5.0 Plug-in (build 5006)
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308)
"KMSpico v7_is1" = KMSpico 7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"USB_AUDIO_DEusb-audio.deMaya44" = Maya44 USB ASIO driver
"WheelMouse" = 2X-Office 7.80
"WinRAR archiver" = WinRAR archivátor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{3F87539C-BD1B-4529-8F13-8B3599A51D6C}" = Office Shuttle Software
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2010
"{90140000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2010
"{90140000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2010
"{90140000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2010
"{90140000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2010
"{90140000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2010
"{90140000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2010
"{90140000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2010
"{90140000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2010
"{90140000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI - Czech
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1" = Ashampoo Snap 6 v.6.0.3
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeon" = Aeon
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio Control Panel
"BSPlayerp" = BS.Player PRO
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"FastStone Image Viewer" = FastStone Image Viewer 4.8
"Google Chrome" = Google Chrome
"InstallShield_{3F87539C-BD1B-4529-8F13-8B3599A51D6C}" = Office Shuttle Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.75.0.1300
"Mp3tag" = Mp3tag v2.57
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Steinberg HALion v3.5_is1" = Steinberg HALion VSTi DXi v3.5
"SysInfo" = Creative System Information
"Vextractor_is1" = Vextractor 3.94
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.7
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"Wise Auto Shutdown_is1" = Wise Auto Shutdown 1.25

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4. 11. 2013 11:52:59 | Computer Name = Sani-PC | Source = TabletServiceWacom | ID = 1
Description =

Error - 4. 11. 2013 11:52:59 | Computer Name = Sani-PC | Source = TabletServiceWacom | ID = 1
Description =

Error - 4. 11. 2013 11:52:59 | Computer Name = Sani-PC | Source = TabletServiceWacom | ID = 1
Description =

Error - 4. 11. 2013 11:52:59 | Computer Name = Sani-PC | Source = TabletServiceWacom | ID = 268369921
Description = TabletService Error: Could not init tablet driver

[ System Events ]
Error - 4. 11. 2013 11:33:32 | Computer Name = Sani-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Server, od ktorej závisí služba Computer Browser,
zlyhalo kvôli nasledujúcej chybe: %%1068

Error - 4. 11. 2013 11:33:32 | Computer Name = Sani-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Server, od ktorej závisí služba Computer Browser,
zlyhalo kvôli nasledujúcej chybe: %%1068

Error - 4. 11. 2013 11:33:32 | Computer Name = Sani-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Server, od ktorej závisí služba Computer Browser,
zlyhalo kvôli nasledujúcej chybe: %%1068

Error - 4. 11. 2013 11:33:32 | Computer Name = Sani-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Server, od ktorej závisí služba Computer Browser,
zlyhalo kvôli nasledujúcej chybe: %%1068

Error - 4. 11. 2013 11:48:24 | Computer Name = Sani-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 4. 11. 2013 11:50:48 | Computer Name = Sani-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 4. 11. 2013 11:51:26 | Computer Name = Sani-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 4. 11. 2013 12:06:52 | Computer Name = Sani-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 4. 11. 2013 12:09:01 | Computer Name = Sani-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 4. 11. 2013 13:54:03 | Computer Name = Sani-PC | Source = DCOM | ID = 10010
Description =


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: banner in the browser "A virus has been detected"

#12 Post by vyosek »

What do you say to the rule that we do not deal with illegal systems :?: And you quite evidently have an illegal/cracked system :?:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.

sani.pd
Visitor
Posts: 12
Registered: 07 Jul 2008 12:39
Location: Bratislava

Re: banner in the browser "A virus has been detected"

#13 Post by sani.pd »

I admit that I was not aware of this rule and it did not even occur to me to look into it.. I got the computer from my family and did not concern myself with this.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: banner in the browser "A virus has been detected"

#14 Post by vyosek »

:arrow: It is one of the basic rules of the forum and every user is obliged to know and follow them. This time we will finish it, since we have already dug into it, but next time help will be refused.

:arrow: Uninstall McAfee Security Scan and then also use http://download.mcafee.com/products/lic ... s/MCPR.exe

:arrow: Run OTL again
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the bottom box Custom Scans/Fixes
  • Code:

    :otl
    MOD - [2013/11/07 19:37:16 | 001,175,040 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._core_.pyd
    MOD - [2013/11/07 19:37:16 | 001,153,024 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_ssl.pyd
    MOD - [2013/11/07 19:37:16 | 001,062,400 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._controls_.pyd
    MOD - [2013/11/07 19:37:16 | 000,811,008 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._windows_.pyd
    MOD - [2013/11/07 19:37:16 | 000,805,888 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._gdi_.pyd
    MOD - [2013/11/07 19:37:16 | 000,735,232 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._misc_.pyd
    MOD - [2013/11/07 19:37:16 | 000,711,680 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_hashlib.pyd
    MOD - [2013/11/07 19:37:16 | 000,686,080 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\unicodedata.pyd
    MOD - [2013/11/07 19:37:16 | 000,557,056 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pysqlite2._sqlite.pyd
    MOD - [2013/11/07 19:37:16 | 000,504,832 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\windows._cacheinvalidation.pyd
    MOD - [2013/11/07 19:37:16 | 000,364,544 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pythoncom27.dll
    MOD - [2013/11/07 19:37:16 | 000,320,512 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32com.shell.shell.pyd
    MOD - [2013/11/07 19:37:16 | 000,128,512 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_elementtree.pyd
    MOD - [2013/11/07 19:37:16 | 000,127,488 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pyexpat.pyd
    MOD - [2013/11/07 19:37:16 | 000,122,368 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._wizard.pyd
    MOD - [2013/11/07 19:37:16 | 000,119,808 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32file.pyd
    MOD - [2013/11/07 19:37:16 | 000,110,080 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\pywintypes27.dll
    MOD - [2013/11/07 19:37:16 | 000,108,544 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32security.pyd
    MOD - [2013/11/07 19:37:16 | 000,098,816 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32api.pyd
    MOD - [2013/11/07 19:37:16 | 000,087,040 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_ctypes.pyd
    MOD - [2013/11/07 19:37:16 | 000,070,656 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\wx._html2.pyd
    MOD - [2013/11/07 19:37:16 | 000,044,032 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_socket.pyd
    MOD - [2013/11/07 19:37:16 | 000,038,912 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32inet.pyd
    MOD - [2013/11/07 19:37:16 | 000,035,840 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32process.pyd
    MOD - [2013/11/07 19:37:16 | 000,026,624 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\_multiprocessing.pyd
    MOD - [2013/11/07 19:37:16 | 000,025,600 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32pdh.pyd
    MOD - [2013/11/07 19:37:16 | 000,022,528 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32ts.pyd
    MOD - [2013/11/07 19:37:16 | 000,018,432 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32event.pyd
    MOD - [2013/11/07 19:37:16 | 000,017,408 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32profile.pyd
    MOD - [2013/11/07 19:37:16 | 000,011,264 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\win32crypt.pyd
    MOD - [2013/11/07 19:37:16 | 000,010,240 | ---- | M] () -- C:\Users\Sani\AppData\Local\Temp\_MEI33002\select.pyd
    
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E E4 16 B4 3D 95 CE 01 [binary data]
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\..\SearchScopes\{D28F9752-605B-49b8-83DD-063BA6FDF61D}: "URL" = http://www.google.com/custom?client=pub ... 1&hl=sk&q={searchTerms}
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E E4 16 B4 3D 95 CE 01 [binary data]
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
    IE - HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\..\SearchScopes\{D28F9752-605B-49b8-83DD-063BA6FDF61D}: "URL" = http://www.google.com/custom?client=pub ... 1&hl=sk&q={searchTerms}
    
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    
    CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
    
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    [2013/11/04 16:30:00 | 000,000,000 | ---D | C] -- C:\Users\Sani\Desktop\rkill
    [2013/11/04 15:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2013/10/31 06:24:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/10/31 06:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2013/10/30 18:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/11/07 20:02:26 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
    [2013/11/07 19:37:14 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/06 22:21:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\BitTorrent\AVID.Protools.9.0.Full.Install.incl.Loader.crack.1.1\Avid Pro Tools 9.0 loader crack 1.1.dmg
    c:\BitTorrent\Windows 7 Home Premium SP1 x64\Daz Loader 2.1.7\
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"=-
    "BitTorrent"=-
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    "VirtualCloneDrive"=-
    "BCSSync"=-
    "SwitchBoard"=-
    "AdobeCS6ServiceManager"=-
    "Adobe ARM"=-
    "WinampAgent"=-
    
    :files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Run Fix
  • The PC will perform the fix, restart and give you a log; paste its contents here
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.
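The symptom pattern in this thread, the same banner in every browser plus forum logins that return a blank page, points at a layer shared by all browsers rather than at a single browser extension, which is also why the OTL script above resets the hosts file and touches the ProxyEnable value. The PowerShell script below is an added example, not part of this thread and not part of OTL: it reads the system-wide hook points that can rewrite web traffic for every browser at once (hosts file, WinINET and WinHTTP proxy, PAC script, adapter DNS servers, Winsock LSP catalog, AppInit_DLLs) and reports them without changing anything. It assumes Windows 7 or later, PowerShell 2.0 or newer and an elevated prompt; the list of stock Microsoft Winsock provider DLLs it treats as benign is an assumption to be reviewed by hand.

```powershell
# Added example (not from the viry.cz thread or from OTL): read-only triage of the
# system-wide hooks that can inject content into every browser at once.
# Assumptions: Windows 7 or later, PowerShell 2.0+, run as Administrator.
# Only Windows 7 compatible cmdlets are used (WMI instead of Get-DnsClientServerAddress).

function Get-InjectionVectors {
    $findings = @()

    # 1. hosts file: on a home PC only the localhost entries are expected
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in (Get-Content $hostsPath -ErrorAction SilentlyContinue)) {
        if ($line -match '^\s*[0-9a-fA-F:.]+\s+\S' -and
            $line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') {
            $findings += "hosts: $line"
        }
    }

    # 2. WinINET proxy / PAC script for the current user (the same key OTL's ProxyEnable line checks)
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1) { $findings += "WinINET proxy enabled: $($inet.ProxyServer)" }
    if ($inet.AutoConfigURL)     { $findings += "WinINET PAC script: $($inet.AutoConfigURL)" }

    # 3. WinHTTP (machine-wide) proxy; stock output contains "Direct access (no proxy server)."
    $winhttp = (netsh winhttp show proxy | Out-String)
    if ($winhttp -notmatch 'Direct access') { $findings += "WinHTTP proxy set:`n$winhttp" }

    # 4. DNS servers on every IP-enabled adapter; a rogue resolver redirects every browser
    foreach ($nic in @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')) {
        if ($nic.DNSServerSearchOrder) {
            $findings += "DNS ($($nic.Description)): $($nic.DNSServerSearchOrder -join ', ')"
        }
    }

    # 5. Winsock catalog: a third-party LSP sees and can rewrite every socket in every process.
    #    Assumption: these DLL names are the stock Microsoft providers; anything else is reported.
    $stockProviders = 'mswsock\.dll|napinsp\.dll|pnrpnsp\.dll|nlaapi\.dll|winrnr\.dll|wshbth\.dll'
    foreach ($line in (netsh winsock show catalog)) {
        if ($line -match 'Provider Path:\s+(.+?)\s*$' -and $matches[1] -notmatch $stockProviders) {
            $findings += "Winsock provider: $($matches[1])"
        }
    }

    # 6. AppInit_DLLs: loaded into every process that links user32.dll, i.e. into every browser
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        if (Test-Path $key) {
            $v = Get-ItemProperty $key
            if ($v.AppInit_DLLs) { $findings += "AppInit_DLLs ($key): $($v.AppInit_DLLs)" }
        }
    }

    return $findings
}

# @() forces an array so .Count is valid even for zero or one finding on PowerShell 2.0
$result = @(Get-InjectionVectors)
if ($result.Count -eq 0) {
    'No system-wide injection vector found; check per-browser extensions and the router DNS next.'
} else {
    $result
}
```

Read the output the way a cleanup helper would: any hosts entry that is not localhost, any proxy or PAC URL pointing at 127.0.0.1 or an unknown host, any DNS server that is not the ISP's or the router's address, and any non-Microsoft Winsock provider or AppInit DLL is the next thing to identify and remove. The script stays read-only on purpose, so it can be run before and after a fix to confirm what changed; the router's own DNS setting is outside what a host-side check can see.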

sani.pd
Visitor
Posts: 12
Registered: 07 Jul 2008 12:39
Location: Bratislava

Re: banner in the browser "A virus has been detected"

#15 Post by sani.pd »

Good evening, thank you for your willingness. I appreciate it. I will support the forum.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}\ not found.
Registry key HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D28F9752-605B-49b8-83DD-063BA6FDF61D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D28F9752-605B-49b8-83DD-063BA6FDF61D}\ not found.
HKU\S-1-5-21-2179305097-2225650138-2842843989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2179305097-2225650138-2842843989-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ not found.
HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EA02EA1-DBC8-4f89-9370-9F8B62492D45}\ not found.
Registry key HKEY_USERS\S-1-5-21-2179305097-2225650138-2842843989-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D28F9752-605B-49b8-83DD-063BA6FDF61D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D28F9752-605B-49b8-83DD-063BA6FDF61D}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
File C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Sani\Desktop\rkill folder moved successfully.
C:\Program Files\HitmanPro folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Sani\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Sani\AppData\Roaming\Microsoft folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Sani\AppData\Roaming folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Sani\AppData folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Sani folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TornTV.com\log folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TornTV.com folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DeviceVM\Browser Configuration Utility\template folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DeviceVM\Browser Configuration Utility\icon folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DeviceVM\Browser Configuration Utility folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DeviceVM folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86) folder moved successfully.
C:\AdwCleaner\Quarantine\C folder moved successfully.
C:\AdwCleaner\Quarantine folder moved successfully.
C:\AdwCleaner folder moved successfully.
C:\ProgramData\HitmanPro\Quarantine folder moved successfully.
C:\ProgramData\HitmanPro\Logs folder moved successfully.
C:\ProgramData\HitmanPro folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\VirtualCloneDrive deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\BCSSync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sani
->Temp folder emptied: 60590962 bytes
->Temporary Internet Files folder emptied: 22292575 bytes
->Google Chrome cache emptied: 298560841 bytes
->Flash cache emptied: 576 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1482 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43256543 bytes
RecycleBin emptied: 3600416 bytes

Total Files Cleaned = 408,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sani
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Sani

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11092013_114634

Files\Folders moved on Reboot...
C:\Users\Sani\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sani\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



The problem still persists, unchanged :cry:
