Prosím o kontrolu

[Universal]

Ahoj, v poslední době jsem trochu paranoidní. Omylem jsem si nainstaloval spyware (Conduit Search), takže jsem se vracel pres restore point. Ale stejně pořád nespím úplně klidně :/

Kód: Vybrat vše

Logfile of random's system information tool 1.09 (written by random/random)
Run by Universal at 2014-02-22 19:34:13
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 15 GB (17%) free of 88 GB
Total RAM: 8136 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:34:17, on 22.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Dexpot\dexpot.exe
C:\Program Files (x86)\ownCloud\owncloud.exe
C:\Program Files (x86)\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe
C:\Program Files (x86)\SnapPea\wandoujia_helper.exe
C:\Program Files (x86)\Dexpot\plugins\DexControl.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\TC PowerPack 2\totalcmd.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Plex Media Server\PlexScriptHost.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ Firefox\firefox.exe
C:\Program Files\trend micro\Davo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" 

UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App

\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [TC PowerPack 2] C:\Program Files (x86)\TC PowerPack 2\TCPowerPack.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Davo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Davo\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [ownCloud] C:\Program Files (x86)\ownCloud\owncloud.exe
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex Media Server\Plex Media Server.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2164984403-1494394889-1087947439-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2164984403-1494394889-1087947439-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\EvernoteClipper.exe
O4 - Startup: wandoujia_helper.lnk = C:\Program Files (x86)\SnapPea\wandoujia_helper.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program 

Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:

\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote

\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files 

(x86)\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software

\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher

\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology

\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file 

missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) 

Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service

\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) 

Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player

\wmpnetwk.exe (file missing)

--
End of file - 16271 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 

ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 

ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\Sandboxie\SbieSvc.exe"
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\system32\WLANExt.exe 32660976
\??\C:\windows\system32\conhost.exe "-194201574-1382633128-428192662-3452178732099284995-9422612681665878787-932804456
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {D2FD989C-0BFF-4E82-BD8A-33D432E52D76}
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
taskeng.exe {C24AF858-393C-40F2-B25E-C69302748BB8}
"C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" 
"C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" 
C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Windows\System32\igfxtray.exe" 
"C:\Windows\System32\hkcmd.exe" 
"C:\Windows\System32\igfxpers.exe" 
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" 
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe" 
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe" 
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Unified Remote\RemoteServer.exe" 
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" 
"C:\Program Files\Sandboxie\SbieCtrl.exe" 
"C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
"C:\Program Files (x86)\Dexpot\dexpot.exe" 
"C:\Program Files (x86)\Dexpot\Dexpot64.exe" 
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE" 
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ownCloud\owncloud.exe" 
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Plex Media Server\Plex Media Server.exe" 
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe" 
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" 
"C:\Program Files (x86)\Evernote\EvernoteClipper.exe" 
"C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe" 
"C:\Program Files (x86)\SnapPea\wandoujia_helper.exe" 
"C:\Program Files (x86)\Dexpot\plugins\DexControl.exe" 
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe" 
totalcmd.exe /I=".\Config\tcmdpp.ini" /F=".\Config\tcmdftp.ini" 
"C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
"C:\Program Files (x86)\iTunes\iTunesHelper.exe" 
"C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe" -autoupdate -startplugins
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Plex Media Server\PlexScriptHost.exe" "C:\Users\Davo\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources

\Versions\2\Python/bootstrap.py" "C:\Users\Davo\AppData\Local\Plex Media Server\Plug-ins\System.bundle"
\??\C:\windows\system32\conhost.exe "1429789453-2009634206993521473-1476063446357304893-206720314-126948981070480464
"C:\windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Plex Media Server\PlexDlnaServer.exe" 
"C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding
"C:\windows\system32\cmd.exe" 
\??\C:\windows\system32\conhost.exe "-11644717111986273839-1112950035-360092055794645558-1270991218-727511055-1566153940
"C:\windows\system32\taskmgr.exe" /4
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 7392
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
firefox.exe -p -no-remote
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft

\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" 

"DownLevelDaemon" 
"C:\windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 
"C:\Users\Davo\Downloads\RSITx64.exe" 
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.usex

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.152 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.152 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll


C:\Program Files (x86)\ Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.userx\extensions\
isreaditlater@ideashower.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-08-02 167704]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-08-02 392472]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-08-02 416024]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-28 11786344]
"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-05-02 1935120]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-28 2841896]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2012-01-16 789920]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-01-16 9753024]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-01-16 5908928]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Unified Remote v2"=C:\Program Files (x86)\Unified Remote\RemoteServer.exe [2013-02-28 275544]
"Google Update"=C:\Users\Davo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 116648]
"Spotify Web Helper"=C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-02-01 1171968]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2012-12-16 765200]
"Spotify"=C:\Users\Davo\AppData\Roaming\Spotify\spotify.exe [2014-02-01 6118400]
"ownCloud"=C:\Program Files (x86)\ownCloud\owncloud.exe [2013-10-21 15338642]
"Plex Media Server"=C:\Program Files (x86)\Plex Media Server\Plex Media Server.exe [2013-10-26 4238984]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-01-12 283160]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"VeriFaceManager"=C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [2012-01-16 329056]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"TC PowerPack 2"=C:\Program Files (x86)\TC PowerPack 2\TCPowerPack.exe [2009-05-24 56832]
"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2011-08-11 358336]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2013-11-03 2065408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Users\Davo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\EvernoteClipper.exe
wandoujia_helper.lnk - C:\Program Files (x86)\SnapPea\wandoujia_helper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-07-26 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll [2012-04-09 190480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll [2012-04-09 190480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-22 19:34:13 ----D---- C:\rsit
2014-02-22 19:34:13 ----D---- C:\Program Files\trend micro
2014-02-19 18:19:48 ----D---- C:\Program Files (x86)\Microsoft Security Client
2014-02-19 18:19:46 ----D---- C:\Program Files\Microsoft Security Client
2014-02-17 23:24:37 ----D---- C:\Users\Davo\AppData\Roaming\avidemux
2014-02-17 23:24:29 ----D---- C:\Program Files\Avidemux 2.6 - 64bits
2014-02-17 20:37:46 ----D---- C:\windows\SYSWOW64\SearchProtect
2014-02-17 20:32:20 ----D---- C:\Program Files (x86)\SearchProtect
2014-02-17 20:23:13 ----D---- C:\Users\Davo\AppData\Roaming\MOVAVI
2014-02-13 17:44:18 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-02-13 17:44:18 ----A---- C:\windows\system32\vbscript.dll
2014-02-13 17:43:30 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-02-13 17:43:30 ----A---- C:\windows\system32\msrating.dll
2014-02-13 17:43:29 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-02-13 17:43:29 ----A---- C:\windows\system32\ieui.dll
2014-02-13 17:43:29 ----A---- C:\windows\system32\iernonce.dll
2014-02-13 17:43:29 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-02-13 17:43:29 ----A---- C:\windows\system32\ie4uinit.exe
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\msfeeds.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\jsproxy.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\ieUnatt.exe
2014-02-13 17:43:28 ----A---- C:\windows\system32\iesetup.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\ieetwcollector.exe
2014-02-13 17:43:27 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-02-13 17:43:27 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-02-13 17:43:27 ----A---- C:\windows\system32\mshtml.dll
2014-02-13 17:43:27 ----A---- C:\windows\system32\jscript9diag.dll
2014-02-13 17:43:27 ----A---- C:\windows\system32\ieapfltr.dll
2014-02-13 17:43:26 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-02-13 17:43:26 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-02-13 17:43:26 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-02-13 17:43:26 ----A---- C:\windows\system32\wininet.dll
2014-02-13 17:43:26 ----A---- C:\windows\system32\urlmon.dll
2014-02-13 17:43:26 ----A---- C:\windows\system32\iertutil.dll
2014-02-13 17:43:25 ----A---- C:\windows\system32\ieframe.dll
2014-02-13 17:43:24 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-02-13 17:43:23 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-02-13 17:43:23 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-02-13 17:43:23 ----A---- C:\windows\system32\jscript9.dll
2014-02-12 20:54:03 ----A---- C:\windows\SYSWOW64\msxml3r.dll
2014-02-12 20:54:03 ----A---- C:\windows\SYSWOW64\msxml3.dll
2014-02-12 20:54:03 ----A---- C:\windows\system32\msxml3r.dll
2014-02-12 20:54:03 ----A---- C:\windows\system32\msxml3.dll
2014-02-12 20:53:51 ----A---- C:\windows\SYSWOW64\d3d10warp.dll
2014-02-12 20:53:51 ----A---- C:\windows\SYSWOW64\d2d1.dll
2014-02-12 20:53:51 ----A---- C:\windows\system32\d3d10warp.dll
2014-02-12 20:53:51 ----A---- C:\windows\system32\d2d1.dll
2014-02-07 19:21:22 ----D---- C:\Users\Davo\AppData\Roaming\Battle.net
2014-02-07 19:21:04 ----D---- C:\Program Files (x86)\Battle.net
2014-01-27 21:48:59 ----D---- C:\cygwin64

======List of files/folders modified in the last 1 month======

2014-02-22 19:34:13 ----RD---- C:\Program Files
2014-02-22 19:33:37 ----D---- C:\Users\Davo\AppData\Roaming\NetSpeedMonitor
2014-02-22 19:27:10 ----D---- C:\windows\system32\config
2014-02-22 19:18:48 ----D---- C:\windows\System32
2014-02-22 19:18:48 ----D---- C:\windows\inf
2014-02-22 19:18:48 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-02-22 19:16:00 ----A---- C:\windows\SYSWOW64\log.txt
2014-02-22 19:15:57 ----D---- C:\windows\Temp
2014-02-22 19:15:16 ----D---- C:\Users\Davo\AppData\Roaming\Spotify
2014-02-22 19:14:27 ----D---- C:\ProgramData\boost_interprocess
2014-02-22 19:14:18 ----D---- C:\ProgramData\VeriFace
2014-02-22 19:14:12 ----D---- C:\Users\Davo\AppData\Roaming\Dexpot
2014-02-22 19:13:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-22 19:13:45 ----D---- C:\Program Files (x86)\ Firefox
2014-02-22 19:13:20 ----D---- C:\Program Files\PeerBlock
2014-02-22 12:02:49 ----D---- C:\Users\Davo\AppData\Roaming\vlc
2014-02-21 23:02:20 ----SHD---- C:\System Volume Information
2014-02-20 00:03:26 ----D---- C:\Users\Davo\AppData\Roaming\TS3Client
2014-02-19 20:39:36 ----D---- C:\Program Files\TeamSpeak 3
2014-02-19 18:20:22 ----D---- C:\Windows
2014-02-19 18:20:22 ----A---- C:\windows\Sandboxie.ini
2014-02-19 18:19:52 ----SHD---- C:\windows\Installer
2014-02-19 18:19:49 ----D---- C:\windows\system32\drivers
2014-02-19 18:19:49 ----D---- C:\windows\system32\catroot
2014-02-19 18:19:48 ----SD---- C:\ProgramData\Microsoft
2014-02-19 18:19:48 ----RD---- C:\Program Files (x86)
2014-02-19 18:03:03 ----D---- C:\Users\Davo\AppData\Roaming\uTorrent
2014-02-18 18:10:10 ----D---- C:\windows\system32\MRT
2014-02-18 18:08:40 ----A---- C:\windows\system32\MRT.exe
2014-02-17 22:11:30 ----D---- C:\windows\Tasks
2014-02-17 22:11:30 ----D---- C:\windows\SysWOW64
2014-02-17 22:11:30 ----D---- C:\windows\system32\wfp
2014-02-17 22:11:30 ----D---- C:\Program Files\Internet Explorer
2014-02-17 22:11:30 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-17 22:11:28 ----D---- C:\windows\system32\wbem
2014-02-17 22:10:57 ----D---- C:\windows\winsxs
2014-02-17 22:10:57 ----D---- C:\windows\system32\DriverStore
2014-02-17 22:10:57 ----D---- C:\windows\system32\catroot2
2014-02-17 22:10:54 ----D---- C:\windows\system32\Tasks
2014-02-17 22:10:54 ----D---- C:\windows\system32\CodeIntegrity
2014-02-17 22:10:51 ----RSD---- C:\windows\assembly
2014-02-17 22:10:40 ----D---- C:\Users\Davo\AppData\Roaming\Wandoujia2
2014-02-17 22:10:37 ----D---- C:\Program Files (x86)\iExplorer
2014-02-17 22:10:31 ----D---- C:\windows\registration
2014-02-17 22:09:48 ----D---- C:\windows\Microsoft.NET
2014-02-17 22:07:21 ----HD---- C:\ProgramData
2014-02-17 20:33:40 ----D---- C:\windows\Prefetch
2014-02-14 17:07:40 ----D---- C:\Users\Davo\AppData\Roaming\KeePass
2014-02-13 17:51:54 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2014-02-09 18:14:19 ----D---- C:\Users\Davo\AppData\Roaming\Mozilla
2014-01-26 18:17:03 ----D---- C:\Users\Davo\AppData\Roaming\WandoujiaUsbDriver

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 HybridDisk;HybridDisk; C:\windows\System32\DRIVERS\HybridDiskX64.sys [2010-03-02 38496]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-12 439320]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2012-01-16 39008]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 ctxusbm;Citrix USB Monitor Driver; C:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]
R1 hybridcfile;hybridcfile; C:\windows\system32\DRIVERS\HybridCFileX64.sys [2010-03-02 13920]
R1 truecrypt;truecrypt; C:\windows\System32\drivers\truecrypt.sys [2013-12-03 231376]
R1 VBoxDrv;VirtualBox Service; C:\windows\system32\DRIVERS\VBoxDrv.sys [2013-11-29 252688]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-11-29 126736]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2012-01-16 29792]
R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-09-29 80384]
R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2011-05-13 437288]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2011-05-13 150568]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2011-05-13 164392]
R3 BTWDPAN;Bluetooth Personal Area Network; C:\windows\system32\DRIVERS\btwdpan.sys [2011-05-13 89640]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-13 39976]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2011-05-13 21544]
R3 cbfs3;EldoS Callback File System driver v3; C:\windows\system32\DRIVERS\cbfs3.sys [2012-04-09 352144]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 DelayMan;ACPI DelayMan Filter Service; C:\windows\system32\DRIVERS\delayman.sys [2012-01-16 20064]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-07-27 12288480]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2011-03-29 2819560]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 rtsuvc;Lenovo EasyCamera; C:\windows\system32\DRIVERS\rtsuvc.sys [2011-03-23 8199016]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-10-28 398896]
R3 uvhid;Unified Virtual HID; C:\windows\system32\DRIVERS\uvhid.sys [2013-02-27 20992]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-11-29 140560]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-11-29 154896]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2011-09-29 552960]
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2012-10-27 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2012-10-27 27760]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\windows\system32\drivers\massfilter.sys []
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pneteth;PdaNet Broadband; C:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver; C:\windows\system32\DRIVERS\point64.sys [2013-05-13 50864]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxUSB;VirtualBox USB; C:\windows\System32\Drivers\VBoxUSB.sys [2013-11-29 113936]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2011-05-12 970016]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 

13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 

[2010-12-21 325656]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvvsvc.exe [2011-05-02 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-12-16 123664]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS

\UNS.exe [2010-12-21 2656280]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 

130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 

138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 

[2013-10-03 1432400]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-02-06 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-17 118896]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 

4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-01-07 569768]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-05-19 1255736]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET

\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET

\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET

\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Márty84]

Zdravim

Nedavejte logy do Code, spatne se to cte.

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner\AdwCleaner[R?].txt ), ten mi sem zkopirujte.

[Universal]

Za zpusob vlozeni logu se omlouvam. Kdyz jsem to chtel prilozit jako soubor, hlasilo to, ze txt files nejsou povoleny.

Tady je log.

Pro jistotu prikladam i oba logy v zipu.

--CODE--

# AdwCleaner v3.019 - Report created 23/02/2014 at 09:04:22
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Universal - VALERIEPC
# Running from : C:\Users\Universal\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\Universal\AppData\Local\Searchprotect
Folder Found C:\windows\SysWOW64\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\1zr6rv0l.airdroid\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.userX\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\89zu4o7x.mamka\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\ke9uiyf1.livecalendar\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\lhh4mqok.facebook\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\prefs.js ]

Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");

[ File : C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\exk4fnll.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Davo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : keyword
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [2222 octets] - [23/02/2014 09:04:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2282 octets] ##########


--EOF--

[Márty84]

Jako textovy soubor to nejde, ale jako normalni text ano Jinak z toho Code boli oci, to pouzivame jen my pro skripty, ktere uzivatele cist nepotrebuji


Znovu ukoncete vsechny programy a spustte AdwCleaner jako spravce.
Tentokrat kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zase zkopirujte.


Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[Universal]

Ok, done and done. Logy zde:

--- ADWcleaner ---

# AdwCleaner v3.019 - Report created 23/02/2014 at 10:39:39
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Universal - VALERIEPC
# Running from : C:\Users\Universal\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\Universal\AppData\Local\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\1zr6rv0l.airdroid\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.xdavewolf\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\89zu4o7x.david.pribyl\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\ke9uiyf1.livecalendar\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\lhh4mqok.facebook\prefs.js ]


[ File : C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");

[ File : C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\exk4fnll.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Davo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [2362 octets] - [23/02/2014 09:04:22]
AdwCleaner[S0].txt - [2170 octets] - [23/02/2014 10:39:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2230 octets] ##########


--- EOF ---


--- MBAM ---

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Universal :: VALERIEPC [administrator]

23.2.2014 10:48:15
MBAM-log-2014-02-23 (13-31-25).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 610440
Time elapsed: 1 hour(s), 34 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Users\Davo\Downloads\dexpot_1611_r2394.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\mamka\AppData\Local\Temp\lA82UE2P.exe.part (PUP.Optional.Softonic.A) -> No action taken.
C:\Windows\Temp\nsj59CB.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Windows\Temp\nskA77F.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Windows\Temp\nspF6D6.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Windows\Temp\nsz59DB.exe (PUP.Optional.SearchProtect.A) -> No action taken.
D:\AUTODESK.REVIT.ARCHITECTURE.V2013-ISO\Crack\xf-revita_x64.exe (RiskWare.Tool.CK) -> No action taken.
D:\Downloads\Downloads\dexpot_1611_r2394.exe (PUP.Optional.OpenCandy) -> No action taken.
D:\disk\4_year_VT\people_cad.exe (Adware.Agent) -> No action taken.
D:\disk\Fourth_year_HT\people_cad.exe (Adware.Agent) -> No action taken.

(end)


--- EOF ---

[Márty84]

Nalezy MBAM nechte odstranit.

Po odstraneni a restartu pc test zopakujte. Dejte vedet, jestli neco nasel. Podle toho zvolim dalsi postup.

[Universal]

Ok, provedeno. Vypada to nadejne

--- MBAM ---

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Universal :: VALERIEPC [administrator]

23.2.2014 18:53:53
MBAM-log-2014-02-23 (20-27-57).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 613761
Time elapsed: 1 hour(s), 31 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

(end)

--- EOF ---

[Márty84]

MBAM muzete odinstalovat

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

[Universal]

Tak jsme zase o krok dále.

--- RK ---

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Universal [Admin rights]
Mode : Scan -- Date : 02/24/2014 20:09:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-2164984403-1494394889-1087947439-1000\[...]\Run : FactoryTest (C:\Windows\Test.bat [x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG MZMPA032HMCD-000 +++++
--- User ---
[MBR] 4500bef21518f39553b78330e24baa2f
[BSP] dfc08dc6be602afc32b2e980e7999d28 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 88082 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 180805632 | Size: 642543 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1496735152 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) HITACHI HTS547575A9E384 +++++
Error reading User MBR! ([0x1b] The drive cannot find the sector requested. )
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ ) JMCR SD/MMC SCSI Disk Device +++++
--- User ---
[MBR] 512826953ca9744e0cf67cbeaf487e29
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 137 | Size: 1875 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_02242014_200933.txt >>


--- EOF ---

btw. co te vede k tomu, takhle pomahat cizim lidem? ja si toho velmi cenim, akorat jsem zvedavy

[Márty84]

Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

btw. co te vede k tomu, takhle pomahat cizim lidem? ja si toho velmi cenim, akorat jsem zvedavy

Pocitace me bavi a je to fajn pocit, kdyz nekomu udelam jen tak radost

[Universal]

V techto chvilich jsem opravdu rad, ze existuji lide jako jsi ty

--- po Smazat ---

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Universal [Admin rights]
Mode : Remove -- Date : 02/24/2014 22:35:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-2164984403-1494394889-1087947439-1000\[...]\Run : FactoryTest (C:\Windows\Test.bat [x]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG MZMPA032HMCD-000 +++++
--- User ---
[MBR] 4500bef21518f39553b78330e24baa2f
[BSP] dfc08dc6be602afc32b2e980e7999d28 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 88082 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 180805632 | Size: 642543 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1496735152 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) HITACHI HTS547575A9E384 +++++
Error reading User MBR! ([0x1b] The drive cannot find the sector requested. )
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ ) JMCR SD/MMC SCSI Disk Device +++++
--- User ---
[MBR] 512826953ca9744e0cf67cbeaf487e29
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 137 | Size: 1875 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_D_02242014_223531.txt >>
RKreport[0]_S_02242014_200933.txt

--- EOF ---


--- po hosts ---

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Universal [Admin rights]
Mode : HOSTSFix -- Date : 02/24/2014 22:36:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[0]_H_02242014_223659.txt >>
RKreport[0]_D_02242014_223531.txt;RKreport[0]_S_02242014_200933.txt

--- EOF ---

[Márty84]

Dejte novy log z RSIT

[Universal]

Tady je

--- RSIT ---

Logfile of random's system information tool 1.09 (written by random/random)
Run by Universal at 2014-02-25 19:24:40
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 16 GB (18%) free of 88 GB
Total RAM: 8136 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:24:42, on 25.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dexpot\dexpot.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe
C:\Program Files (x86)\Dexpot\plugins\DexControl.exe
C:\Program Files (x86)\ownCloud\owncloud.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\SnapPea\wandoujia_helper.exe
C:\Program Files (x86)\TC PowerPack 2\totalcmd.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ Firefox\firefox.exe
C:\Program Files (x86)\ Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Program Files (x86)\Miranda_Cult_Pack_1.11\miranda32.exe
C:\windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\EvernoteTray.exe
C:\Users\Davo\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\trend micro\Davo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [TC PowerPack 2] C:\Program Files (x86)\TC PowerPack 2\TCPowerPack.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Davo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Davo\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [ownCloud] C:\Program Files (x86)\ownCloud\owncloud.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2164984403-1494394889-1087947439-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2164984403-1494394889-1087947439-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\EvernoteClipper.exe
O4 - Startup: wandoujia_helper.lnk = C:\Program Files (x86)\SnapPea\wandoujia_helper.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16428 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\Sandboxie\SbieSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\windows\system32\svchost.exe -k bthsvcs
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3151e125-ef69-456b-9d1d-ffe24ae19475 -SystemEventPortName:HostProcess-d3e2d0d5-5cd4-4270-9f7e-b79901caec44 -IoCancelEventPortName:HostProcess-32d95d57-9879-4920-9fd9-9e1b59a50431 -NonStateChangingEventPortName:HostProcess-8fc264e2-13cd-4130-846a-646b38742a05 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:081ffead-a99b-4079-85d0-6d00b29c4f87
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
taskeng.exe {E09F9A5C-95A7-4EB4-82D3-F707EC6734D5}
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
taskeng.exe {DFD3D2D7-A175-4827-A08B-BC27600557CB}
"C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
"C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
"C:\Program Files (x86)\Dexpot\dexpot.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Unified Remote\RemoteServer.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
"C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"C:\Program Files\Sandboxie\SbieCtrl.exe"
"C:\Program Files\TortoiseSVN\bin\TSVNCache.exe"
"C:\Program Files (x86)\Dexpot\Dexpot64.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe"
"C:\Program Files (x86)\Dexpot\plugins\DexControl.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ownCloud\owncloud.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"C:\Program Files (x86)\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\SnapPea\wandoujia_helper.exe"
totalcmd.exe /I=".\Config\tcmdpp.ini" /F=".\Config\tcmdftp.ini"
"C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe" -autoupdate -startplugins
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 6616
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\windows\system32\cmd.exe"
\??\C:\windows\system32\conhost.exe "-1313346003167374983311932597151408503711-744211224268099902-591976749-2127013615
firefox.exe -p -no-remote
"C:\Program Files (x86)\ Firefox\plugin-container.exe" --channel=4432.21167700.299401079 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll" -greomni "C:\Program Files (x86)\ Firefox\omni.ja" -appomni "C:\Program Files (x86)\ Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\ Firefox\browser" C3D2BC4C15EFA44E 4432 "\\.\pipe\gecko-crash-server-pipe.4432" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe" --proxy-stub-channel=Flash6492.555CC768.12565 --host-broker-channel=Flash6492.555CC768.17507 --host-pid=6492 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe" --channel=1912.0039F544.249892668 --proxy-stub-channel=Flash6492.555CC768.12565 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Miranda_Cult_Pack_1.11\miranda32.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Davo\Desktop\RKreport[0]_S_02242014_200933.txt
C:\windows\system32\WLANExt.exe 38978096
\??\C:\windows\system32\conhost.exe "-7871975981703798352-1085966866-16401910411576839908207765940475321773-184563569
"C:\Program Files (x86)\Evernote\Evernote.exe"
"C:\Program Files (x86)\Evernote\EvernoteTray.exe"
taskeng.exe {9048B111-5EB5-495A-BC52-BFA37085A90B}
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe49_ Global\UsGthrCtrlFltPipeMssGthrPipe49 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Users\Davo\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Users\Davo\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.152 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.152 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll


C:\Program Files (x86)\ Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\
isreaditlater@ideashower.com
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-08-02 167704]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-08-02 392472]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-08-02 416024]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-28 11786344]
"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-05-02 1935120]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-28 2841896]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2012-01-16 789920]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-01-16 9753024]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-01-16 5908928]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Unified Remote v2"=C:\Program Files (x86)\Unified Remote\RemoteServer.exe [2013-02-28 275544]
"Google Update"=C:\Users\Davo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 116648]
"Spotify Web Helper"=C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-02-01 1171968]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2012-12-16 765200]
"Spotify"=C:\Users\Davo\AppData\Roaming\Spotify\spotify.exe [2014-02-01 6118400]
"ownCloud"=C:\Program Files (x86)\ownCloud\owncloud.exe [2014-02-13 16978503]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-01-12 283160]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"VeriFaceManager"=C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [2012-01-16 329056]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"TC PowerPack 2"=C:\Program Files (x86)\TC PowerPack 2\TCPowerPack.exe [2009-05-24 56832]
"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2011-08-11 358336]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2013-11-03 2065408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Users\Davo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\EvernoteClipper.exe
wandoujia_helper.lnk - C:\Program Files (x86)\SnapPea\wandoujia_helper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-07-26 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll [2012-04-09 190480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll [2012-04-09 190480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-23 17:15:59 ----D---- C:\Users\Davo\AppData\Roaming\TortoiseSVN
2014-02-23 17:11:39 ----D---- C:\Program Files\TortoiseSVN
2014-02-23 17:11:39 ----D---- C:\Program Files\Common Files\TortoiseOverlays
2014-02-23 17:11:34 ----SHD---- C:\Config.Msi
2014-02-23 13:52:49 ----D---- C:\Users\Davo\AppData\Roaming\Thunderbird
2014-02-23 13:50:04 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2014-02-23 10:46:14 ----D---- C:\Users\Davo\AppData\Roaming\Malwarebytes
2014-02-23 10:46:05 ----D---- C:\ProgramData\Malwarebytes
2014-02-23 10:46:03 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 10:46:03 ----A---- C:\windows\system32\drivers\mbam.sys
2014-02-23 10:44:57 ----D---- C:\ProgramData\boost_interprocess
2014-02-23 09:03:31 ----D---- C:\AdwCleaner
2014-02-22 19:34:13 ----D---- C:\rsit
2014-02-22 19:34:13 ----D---- C:\Program Files\trend micro
2014-02-19 18:19:48 ----D---- C:\Program Files (x86)\Microsoft Security Client
2014-02-19 18:19:46 ----D---- C:\Program Files\Microsoft Security Client
2014-02-17 23:24:37 ----D---- C:\Users\Davo\AppData\Roaming\avidemux
2014-02-17 23:24:29 ----D---- C:\Program Files\Avidemux 2.6 - 64bits
2014-02-17 20:23:13 ----D---- C:\Users\Davo\AppData\Roaming\MOVAVI
2014-02-13 17:44:18 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-02-13 17:44:18 ----A---- C:\windows\system32\vbscript.dll
2014-02-13 17:43:30 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-02-13 17:43:30 ----A---- C:\windows\system32\msrating.dll
2014-02-13 17:43:29 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-02-13 17:43:29 ----A---- C:\windows\system32\ieui.dll
2014-02-13 17:43:29 ----A---- C:\windows\system32\iernonce.dll
2014-02-13 17:43:29 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-02-13 17:43:29 ----A---- C:\windows\system32\ie4uinit.exe
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-02-13 17:43:28 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\msfeeds.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\jsproxy.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\ieUnatt.exe
2014-02-13 17:43:28 ----A---- C:\windows\system32\iesetup.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-02-13 17:43:28 ----A---- C:\windows\system32\ieetwcollector.exe
2014-02-13 17:43:27 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-02-13 17:43:27 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-02-13 17:43:27 ----A---- C:\windows\system32\mshtml.dll
2014-02-13 17:43:27 ----A---- C:\windows\system32\jscript9diag.dll
2014-02-13 17:43:27 ----A---- C:\windows\system32\ieapfltr.dll
2014-02-13 17:43:26 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-02-13 17:43:26 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-02-13 17:43:26 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-02-13 17:43:26 ----A---- C:\windows\system32\wininet.dll
2014-02-13 17:43:26 ----A---- C:\windows\system32\urlmon.dll
2014-02-13 17:43:26 ----A---- C:\windows\system32\iertutil.dll
2014-02-13 17:43:25 ----A---- C:\windows\system32\ieframe.dll
2014-02-13 17:43:24 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-02-13 17:43:23 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-02-13 17:43:23 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-02-13 17:43:23 ----A---- C:\windows\system32\jscript9.dll
2014-02-12 20:54:03 ----A---- C:\windows\SYSWOW64\msxml3r.dll
2014-02-12 20:54:03 ----A---- C:\windows\SYSWOW64\msxml3.dll
2014-02-12 20:54:03 ----A---- C:\windows\system32\msxml3r.dll
2014-02-12 20:54:03 ----A---- C:\windows\system32\msxml3.dll
2014-02-12 20:53:51 ----A---- C:\windows\SYSWOW64\d3d10warp.dll
2014-02-12 20:53:51 ----A---- C:\windows\SYSWOW64\d2d1.dll
2014-02-12 20:53:51 ----A---- C:\windows\system32\d3d10warp.dll
2014-02-12 20:53:51 ----A---- C:\windows\system32\d2d1.dll
2014-02-07 19:21:22 ----D---- C:\Users\Davo\AppData\Roaming\Battle.net
2014-02-07 19:21:04 ----D---- C:\Program Files (x86)\Battle.net
2014-01-27 21:48:59 ----D---- C:\cygwin64

======List of files/folders modified in the last 1 month======

2014-02-25 19:24:42 ----D---- C:\windows\Prefetch
2014-02-25 19:24:40 ----D---- C:\Users\Davo\AppData\Roaming\NetSpeedMonitor
2014-02-25 19:23:43 ----D---- C:\ProgramData\VeriFace
2014-02-24 22:37:01 ----D---- C:\windows\Temp
2014-02-24 21:09:59 ----D---- C:\Users\Davo\AppData\Roaming\vlc
2014-02-24 20:09:30 ----D---- C:\windows\system32\drivers
2014-02-24 18:57:32 ----D---- C:\windows\System32
2014-02-24 18:57:32 ----D---- C:\windows\inf
2014-02-24 18:57:32 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-02-24 18:55:25 ----D---- C:\Users\Davo\AppData\Roaming\Spotify
2014-02-24 18:55:20 ----A---- C:\windows\SYSWOW64\log.txt
2014-02-24 18:53:32 ----D---- C:\windows\system32\catroot2
2014-02-24 18:38:34 ----D---- C:\windows\system32\config
2014-02-23 23:59:20 ----D---- C:\Users\Davo\AppData\Roaming\TS3Client
2014-02-23 17:12:39 ----D---- C:\Users\Davo\AppData\Roaming\Dexpot
2014-02-23 17:12:13 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-23 17:11:49 ----SHD---- C:\windows\Installer
2014-02-23 17:11:40 ----D---- C:\Program Files (x86)\Common Files
2014-02-23 17:11:39 ----RD---- C:\Program Files
2014-02-23 17:11:39 ----D---- C:\Program Files\Common Files
2014-02-23 16:51:20 ----SHD---- C:\System Volume Information
2014-02-23 14:28:45 ----D---- C:\Program Files (x86)\ownCloud
2014-02-23 13:50:04 ----RD---- C:\Program Files (x86)
2014-02-23 10:46:05 ----HD---- C:\ProgramData
2014-02-23 10:39:40 ----D---- C:\windows\SysWOW64
2014-02-22 19:13:45 ----D---- C:\Program Files (x86)\ Firefox
2014-02-22 19:13:20 ----D---- C:\Program Files\PeerBlock
2014-02-19 20:39:36 ----D---- C:\Program Files\TeamSpeak 3
2014-02-19 18:20:22 ----D---- C:\Windows
2014-02-19 18:20:22 ----A---- C:\windows\Sandboxie.ini
2014-02-19 18:19:49 ----D---- C:\windows\system32\catroot
2014-02-19 18:19:48 ----SD---- C:\ProgramData\Microsoft
2014-02-19 18:03:03 ----D---- C:\Users\Davo\AppData\Roaming\uTorrent
2014-02-18 18:10:10 ----D---- C:\windows\system32\MRT
2014-02-18 18:08:40 ----A---- C:\windows\system32\MRT.exe
2014-02-17 22:11:30 ----D---- C:\windows\Tasks
2014-02-17 22:11:30 ----D---- C:\windows\system32\wfp
2014-02-17 22:11:30 ----D---- C:\Program Files\Internet Explorer
2014-02-17 22:11:30 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-17 22:11:28 ----D---- C:\windows\system32\wbem
2014-02-17 22:10:57 ----D---- C:\windows\winsxs
2014-02-17 22:10:57 ----D---- C:\windows\system32\DriverStore
2014-02-17 22:10:54 ----D---- C:\windows\system32\Tasks
2014-02-17 22:10:54 ----D---- C:\windows\system32\CodeIntegrity
2014-02-17 22:10:51 ----RSD---- C:\windows\assembly
2014-02-17 22:10:40 ----D---- C:\Users\Davo\AppData\Roaming\Wandoujia2
2014-02-17 22:10:37 ----D---- C:\Program Files (x86)\iExplorer
2014-02-17 22:10:31 ----D---- C:\windows\registration
2014-02-17 22:09:48 ----D---- C:\windows\Microsoft.NET
2014-02-14 17:07:40 ----D---- C:\Users\Davo\AppData\Roaming\KeePass
2014-02-13 17:51:54 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2014-02-09 18:14:19 ----D---- C:\Users\Davo\AppData\Roaming\Mozilla
2014-01-26 18:17:03 ----D---- C:\Users\Davo\AppData\Roaming\WandoujiaUsbDriver

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 HybridDisk;HybridDisk; C:\windows\System32\DRIVERS\HybridDiskX64.sys [2010-03-02 38496]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-12 439320]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2012-01-16 39008]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 ctxusbm;Citrix USB Monitor Driver; C:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]
R1 hybridcfile;hybridcfile; C:\windows\system32\DRIVERS\HybridCFileX64.sys [2010-03-02 13920]
R1 truecrypt;truecrypt; C:\windows\System32\drivers\truecrypt.sys [2013-12-03 231376]
R1 VBoxDrv;VirtualBox Service; C:\windows\system32\DRIVERS\VBoxDrv.sys [2013-11-29 252688]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-11-29 126736]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2012-01-16 29792]
R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-09-29 80384]
R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2011-05-13 437288]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2011-05-13 150568]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2011-05-13 164392]
R3 BTWDPAN;Bluetooth Personal Area Network; C:\windows\system32\DRIVERS\btwdpan.sys [2011-05-13 89640]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-13 39976]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2011-05-13 21544]
R3 cbfs3;EldoS Callback File System driver v3; C:\windows\system32\DRIVERS\cbfs3.sys [2012-04-09 352144]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 DelayMan;ACPI DelayMan Filter Service; C:\windows\system32\DRIVERS\delayman.sys [2012-01-16 20064]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-07-27 12288480]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2011-03-29 2819560]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 rtsuvc;Lenovo EasyCamera; C:\windows\system32\DRIVERS\rtsuvc.sys [2011-03-23 8199016]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-10-28 398896]
R3 uvhid;Unified Virtual HID; C:\windows\system32\DRIVERS\uvhid.sys [2013-02-27 20992]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-11-29 140560]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-11-29 154896]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2011-09-29 552960]
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2012-10-27 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2012-10-27 27760]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\windows\system32\drivers\massfilter.sys []
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pneteth;PdaNet Broadband; C:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver; C:\windows\system32\DRIVERS\point64.sys [2013-05-13 50864]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxUSB;VirtualBox USB; C:\windows\System32\Drivers\VBoxUSB.sys [2013-11-29 113936]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2011-05-12 970016]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvvsvc.exe [2011-05-02 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-12-16 123664]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-10-03 1432400]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-02-06 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-17 118896]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-01-07 569768]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-05-19 1255736]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

--- EOF ---

[Márty84]

Jeste jeden sken a budem mazat.


Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

[Universal]

Tak jsem tady zase

--- Extras.txt ---

OTL Extras logfile created on: 26.2.2014 16:39:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Davo\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

7,95 Gb Total Physical Memory | 5,81 Gb Available Physical Memory | 73,09% Memory free
15,89 Gb Paging File | 12,89 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 86,02 Gb Total Space | 15,23 Gb Free Space | 17,71% Space Free | Partition Type: NTFS
Drive D: | 627,48 Gb Total Space | 53,87 Gb Free Space | 8,59% Space Free | Partition Type: NTFS
Drive F: | 661,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1,83 Gb Total Space | 1,83 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: VALERIEPC | User Name: Davo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2164984403-1494394889-1087947439-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\ Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TC PowerPack 2] -- "C:\Program Files (x86)\TC PowerPack 2\TCPowerPack.exe" /O /T "%1" (BuKoX)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TC PowerPack 2] -- "C:\Program Files (x86)\TC PowerPack 2\TCPowerPack.exe" /O /T "%1" (BuKoX)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0611124C-0A18-4BC9-9B39-02126D83E34F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0DD654AA-64FF-4564-A3C2-96F29733E085}" = rport=139 | protocol=6 | dir=out | app=system |
"{20C6C03C-B740-4659-B5B3-7844491590F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{39228D92-D98B-45C8-BB04-18822FE25344}" = lport=138 | protocol=17 | dir=in | app=system |
"{3DD0925D-34F0-4505-A358-3D33B0C8471F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3F18A8BD-0D1C-4FFC-8C80-799DBDE0F919}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58B23D9A-A4D8-4379-B6C4-2AFB0E9952BD}" = lport=139 | protocol=6 | dir=in | app=system |
"{9087732C-6400-4170-8127-8CEE06B6745A}" = lport=445 | protocol=6 | dir=in | app=system |
"{96BB82A9-68F5-45CE-8AD7-5C98DF38C9F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{A128C347-82FC-4C8A-9507-59FAABDDF486}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B91C02D7-2620-44E0-9257-4FCCA5C56DBC}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9CD901A-9A7B-4B9D-8765-D15DF46AF39B}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB6D0D91-920A-48BD-ADA0-83D67DABE462}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BC41A3FE-DFF9-4E1F-BEA2-132014522A72}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4CB15B3-E973-4004-B952-A2A9466451BF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F60D97-2B6D-4C8C-8004-3153C30F36D9}" = protocol=6 | dir=in | app=d:\games\hearthstone\hearthstone.exe |
"{04210BF1-5D82-408D-9E7D-C4CB9199B97F}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe |
"{0635FBCC-A479-4C2B-BF43-9EF7EFD13565}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"{09381163-35A1-40B1-A324-C4E3AA040108}" = dir=in | app=c:\program files (x86)\plex media server\plexdlnaserver.exe |
"{0BF22DC7-E4F0-4503-82B5-A5E5CD1ACA46}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{0EFBBE30-868E-4F5A-AA7D-7C3C51EBDEE3}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe |
"{10004BDC-4CAC-4BD5-BEF1-53606185387C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{122B1280-E092-4CEB-B104-7C309BDB5442}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{1254776F-B82B-416C-AE08-9D7A96480D85}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{172CC99B-2E5B-4799-80C9-20C4D2B5BED9}" = protocol=6 | dir=in | app=c:\program files (x86)\snappea\wandoujia2.exe |
"{1ACD55C4-8A38-4060-8B0D-FB52FD7727C2}" = protocol=6 | dir=in | app=c:\program files (x86)\local sync\localsync.exe |
"{1B6BAE1C-0B2C-4510-8653-E73EF018DCF8}" = protocol=17 | dir=in | app=d:\games\ut2004\system\ut2004.exe |
"{1CA9E0B0-D545-4C00-A5C2-D225B0EAA2C7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{21C3D6F6-6E27-4CDD-A2C6-1BA7224DBB96}" = protocol=6 | dir=in | app=d:\games\ut2004\system\ut2004.exe |
"{23B5EAAC-1B95-43F3-9175-F3AA0520A4BA}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{242CA2B0-7E5C-4921-8CDF-906D71D624AD}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe |
"{24841E82-11BF-415E-BA73-A6080B5D41E4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{2AC9307D-862A-49F6-8230-D235F8B1FB8A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe |
"{2B1456EF-5E1D-409D-8674-9E0ED5EBC4FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B45A3E4-27E7-4351-BFED-43AF952940E0}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\torchlight\torchlight.exe |
"{31325E5C-4B4D-4EB6-8DC4-6F00B46EBB04}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{33931A80-03A8-47FD-B73D-4880DA4084CF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\torchlight\torchlight.exe |
"{34BFD65F-5347-4163-B4BF-2C5B501D541D}" = protocol=17 | dir=in | app=c:\program files (x86)\snappea\wandoujia2.exe |
"{357DA4E4-85F1-4FB7-9FB3-93118DB12F3B}" = protocol=6 | dir=in | app=d:\games\ut2004_gog\unreal tournament 2004\system\ut2004.exe |
"{3606EF69-469F-4839-9D1C-5CF85A5CDF6B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3A3BB888-695D-4FE1-B97B-E3C1DDEC8B70}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{3AB3FD39-0FBB-48A0-89C8-ABD7A572B3C7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{3FE7F8FD-22A3-4E53-B0C4-873AE82A349C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{413E4316-EDEB-47D2-99CB-2F42F05F2A74}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe |
"{41B9D9F5-E729-44E8-B049-FECBBAE7A9CF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4244CE5C-6863-4F27-BFB6-130239B72417}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\hero academy\heroacademy.exe |
"{4384810F-0A2A-49B1-A739-B779C5A86EAA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{4C702260-28BC-4725-8DE2-9F2E0BC06C34}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe |
"{4E91F914-7DE6-4A91-A529-67059F781074}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe |
"{52182039-40C9-4F7A-8352-4C905B8F8A53}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{577F0DAA-E7BE-4712-B648-C67B0D26301E}" = protocol=6 | dir=in | app=d:\games\ut2004\system\ut2004.exe |
"{5C977948-269C-43C0-9458-DE0F9780DF0B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{5DB59A90-BE5D-4DA4-B59F-10BC8D23B855}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5DF45A04-A77B-4F95-A559-64D122C510B7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\solar 2\solar2.exe |
"{5EF48D70-6012-4E12-96A4-4E9FA19C8477}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{6061127B-7EFA-425E-9C0C-877AE46CB1F8}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{66F3A30C-5B06-4176-85B9-BAB934C4637A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{67583661-9D02-479A-B48B-1E6B24D5F58C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\hero academy\heroacademy.exe |
"{68C7B632-D5EB-4F80-9270-2408F6A54819}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{6A46396B-7FB3-4685-9BDA-5F766E848202}" = protocol=17 | dir=in | app=d:\games\hearthstone\hearthstone.exe |
"{6BCC9045-7AAC-4F0A-BE9A-245AF7E0C5F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6DC585DA-1FC6-4B69-995F-E1A3BB657CC7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{6F6CC28D-0619-407D-9527-A3E7EF067581}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{70DC58BA-B05B-4457-9672-D4BED6288F02}" = protocol=6 | dir=in | app=d:\games\warcraft3\war3.exe |
"{7481BE68-54D6-449A-99A8-74DA8874BA07}" = protocol=6 | dir=in | app=c:\users\davo\appdata\roaming\dropbox\bin\dropbox.exe |
"{752D79D5-449B-4D78-A050-96DF8E8E1CF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{76A32C2C-2DA4-464D-875E-9D640E47BED4}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{77E9CC23-3986-4F97-8006-985842DC2D93}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daupdatersvc.service.exe |
"{78D634C0-8DD1-42BB-96B1-75C455CC01B3}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{7C9F456A-7F12-4FD3-989D-CCE0F35E26E9}" = protocol=17 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe |
"{810A161E-88E2-4DA0-9FE4-E07B2D3D3CE0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe |
"{82D79AD8-D048-44DE-A816-39D41AD05375}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{85A99D57-8BC6-4E8C-8FFC-CF3188217946}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8D79EE6C-F661-4838-AB0A-5E8F7388CEFB}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{8E1DE6BA-7A51-4793-89F3-D5281ACCEEF0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8F9AD86E-DA07-459E-81B2-99521081F540}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe |
"{8FCC2EF1-C563-45DF-9635-1A0E19FE1E5C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe |
"{908FAFA2-48B1-4A6B-B490-792326E0812B}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{9278CFA6-EB53-45DA-A9B6-013D04B8B702}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe |
"{92A21040-949A-48FA-884C-D31997414820}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9EFB8C2B-99A7-43D8-B200-83234B9D2FAB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{9F8E7062-389B-46E7-8C6B-47B6A8CB4DE7}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"{A2A76898-9DBB-4026-A03B-282DDA5512C5}" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe |
"{A6A51C15-63EF-431E-A933-8D60837818ED}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"{A6A7CACC-47B6-4623-AEED-092E323EF5A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6EF4B7F-083B-486F-AABA-032B6E195EB8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\solar 2\solar2.exe |
"{A74F8517-2B69-4CAA-8247-BBC40206F548}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{A76069DA-8F68-49BE-8E62-4422303E7469}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe |
"{A7D2A251-2C31-4B18-8EBE-8C7D5FD40CDB}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daupdatersvc.service.exe |
"{A8CE058E-44F2-4FB9-AAB9-93D1A1BA52C9}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{AB7FB54F-7135-419B-8A80-6AA15C96EC43}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF553C3C-69D5-46D2-BC84-539CBB03A3D8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{B09B6EBE-8B6D-4FA6-B451-F5C0A963045E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe |
"{B1DDF779-F7BA-4512-BB8B-632A18FC011C}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"{B2D6F801-418D-4FE8-8F94-98850806CE31}" = protocol=17 | dir=in | app=d:\games\warcraft3\war3.exe |
"{B77F7F8A-96B7-47D7-B36D-B2D2DF51521D}" = protocol=17 | dir=in | app=c:\users\davo\appdata\roaming\dropbox\bin\dropbox.exe |
"{B7A47C70-844F-4853-AC9B-7629C06EE905}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{BF52A338-55D8-4E36-9688-09A913ADFDA7}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{BFF6167C-025B-4FC7-ACE9-B082D9072E16}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C1880E7B-1821-4E1B-88CD-ACA3789CD22F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{CAF02B2A-938D-4D7B-8901-E37D12BF987E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{CDBAA14C-5146-476C-BB93-CA05D7E9F53E}" = protocol=6 | dir=in | app=d:\games\diablo 3\diablo iii\diablo iii.exe |
"{CE907635-0A8C-4E51-9D86-0238B34734E5}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe |
"{D0F70A4E-2D93-4BD4-B841-0D3B4FDACDEF}" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe |
"{D10DBF01-E799-442C-8C9B-044B64478B25}" = protocol=17 | dir=in | app=c:\program files (x86)\local sync\localsync.exe |
"{D345B3C5-7CDD-4BFA-BA02-759F7BCFBB13}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{D5B139A2-632B-4DFF-835D-95DBC452AF59}" = protocol=17 | dir=in | app=d:\games\diablo 3\diablo iii\diablo iii.exe |
"{D619B10D-90AB-4D24-9C5E-BA6DD1E43E69}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{DA1C4D9F-1446-4D52-94F1-04337F700D71}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DB4CE823-F773-4CC6-94FF-7614F5E9ACFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD04964A-9250-4DA2-81C5-3F9C83A2038A}" = dir=in | app=c:\program files (x86)\plex media server\plexscripthost.exe |
"{DEA2B0D9-CEFB-4FF0-A134-0E6D35845AAA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E12D22A8-9271-4900-9150-52970B431D80}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{E8015D8A-35E0-46AC-9C36-F9E1ADF982E2}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{EBEAF8CA-61A5-406A-8437-E96218001D80}" = dir=in | app=c:\program files (x86)\plex media server\plex media server.exe |
"{F0AA6E45-2616-48FF-8D64-112196703D07}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{F2886549-815B-4844-8BBE-3FBC58D80EC3}" = protocol=6 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe |
"{F34B4A71-BB76-4EFA-9060-5A9D5BF4D521}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F671AE5B-964F-4FC0-B463-404558A223FD}" = protocol=17 | dir=in | app=d:\games\ut2004_gog\unreal tournament 2004\system\ut2004.exe |
"{FB6BF2F1-6CB5-41F5-9E5E-179DFE4FC1EF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{FE0F64A0-999A-4525-8240-1FC53B0B90E4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{FE4205CA-2BD8-4340-B2C8-322B0B763BA1}" = protocol=17 | dir=in | app=d:\games\ut2004\system\ut2004.exe |
"TCP Query User{09E69DA6-7DC3-4461-8A1D-50F481134BDF}C:\program files (x86)\miranda_cult_pack_1.11\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda_cult_pack_1.11\miranda32.exe |
"TCP Query User{0DC68D1F-0A60-4254-A47D-B695E04B7DF4}D:\games\borderlands\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\games\borderlands\borderlands\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{1C038FAA-8E50-41F5-ABF4-C4F237337F2F}C:\program files (x86)\tc powerpack 2\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tc powerpack 2\totalcmd.exe |
"TCP Query User{3345470D-2FDD-4A61-8CF8-D60C1A44E351}D:\games\warcraft3\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft3\war3.exe |
"TCP Query User{3BA7FA1E-EBE7-4AE2-BFEC-8ABB362C227B}C:\users\davo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\davo\appdata\roaming\spotify\spotify.exe |
"TCP Query User{69EFFA9D-0F39-427E-B277-C55400E932B0}C:\users\davo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\davo\appdata\roaming\spotify\spotify.exe |
"TCP Query User{6F784CB2-1FEF-4522-A408-522E42EEA8D1}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe |
"TCP Query User{81930437-E2E1-4609-82A1-D2E45A8A3637}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
"TCP Query User{84A68BB2-6E09-41B2-9729-B4E86B6DCA73}D:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"TCP Query User{8D2C7412-99F7-4F5F-8580-7329FBFC7574}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{99D5964A-91F6-44F8-9922-DB69C393E0C7}C:\program files (x86)\miranda_cult_pack_1.11\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda_cult_pack_1.11\miranda32.exe |
"TCP Query User{A24343E8-0AD6-47FF-B6CB-1A425F3C03D2}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"TCP Query User{BE6A0D2A-28C7-4C86-A9D2-FE8D951556B5}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{C1D59DBC-0086-4E2D-8EB4-BE8B532E3CB8}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{E3039197-8ECF-46B3-8A8E-6671B8AC56FC}D:\games\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=d:\games\quake iii arena\quake3.exe |
"TCP Query User{EA7161CF-140E-4921-B386-BACE3D99A855}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{11C89064-D7D6-4DDC-AA70-666908A773CD}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{1F031DDC-66FF-4C6F-9F29-AAE78B7051A9}C:\program files (x86)\miranda_cult_pack_1.11\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda_cult_pack_1.11\miranda32.exe |
"UDP Query User{2A3EE509-C1E2-401C-874F-A6B3C9338563}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{5444C447-7BE7-4E4A-9094-35CE3D950D19}D:\games\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=d:\games\quake iii arena\quake3.exe |
"UDP Query User{568ADE73-233C-46AE-BA00-08322CDFAA49}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"UDP Query User{77DAC642-6A98-45C1-AAFA-97E572945AFB}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe |
"UDP Query User{872C8447-6E3E-4FBC-982C-478EA0C79644}C:\users\davo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\davo\appdata\roaming\spotify\spotify.exe |
"UDP Query User{8EEDFE8C-D645-47B1-8723-DCF2EBC9CA46}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{908BE0DC-BEE3-404F-9324-76D6C12D95B6}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
"UDP Query User{94DB5529-E153-4C4F-890C-FADD590645E7}D:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"UDP Query User{A0E0370C-5174-43AB-8E54-922217B03117}C:\users\davo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\davo\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B3588780-CE53-4B14-899B-A4A9E6059421}D:\games\warcraft3\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft3\war3.exe |
"UDP Query User{B3E108DF-3D43-405E-9D1D-0C35B2A2E759}D:\games\borderlands\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\games\borderlands\borderlands\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{C125610B-D7EB-445D-A8B7-FF56BAF88CFD}C:\program files (x86)\tc powerpack 2\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tc powerpack 2\totalcmd.exe |
"UDP Query User{C47E19EA-CC09-4312-BD10-2FDD29365ECD}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{F7B17530-020C-49B7-8091-1F8574805216}C:\program files (x86)\miranda_cult_pack_1.11\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda_cult_pack_1.11\miranda32.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{57FCA88C-D94A-490A-B8C6-8ECC3A9A48D2}" = TortoiseSVN 1.8.5.25224 (64 bit)
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FB568DF-207C-4B21-AC57-FC0CC2A0B113}" = Oracle VM VirtualBox 4.3.4
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1" = Genymotion version 2.0.1
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7346B4A0-1300-0110-0409-705C0D862004}" = Revit Architecture 2013
"{7346B4A0-1300-0111-0409-705C0D862004}" = Revit Architecture 2013 Language Pack - English
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 266.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Autodesk Revit Architecture 2013" = Autodesk Revit Architecture 2013
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Sandboxie" = Sandboxie 3.76 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B74F57C-4636-4D70-A7A9-95074DF21802}" = Citrix Receiver(Aero)
"{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34D22F30-8921-44DA-8E58-0C2B6FB73492}" = Plex Media Server
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68C64BCD-A71E-4DAF-975A-F76F763372A2}" = Cn3D 4.3
"{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.2.5
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90B45DFA-5DD9-47F0-BCC7-F25B9562A738}" = Citrix Receiver(USB)
"{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}" = FARO LS 1.1.408.2
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94E11973-ED58-47A0-907C-ABF6D95C5DD8}" = LibreOffice 4.1.4.2
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95B8C1B9-FAB2-4F2B-976A-D0CE7290B5A1}" = MusicBee
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Czech
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD6E2415-407E-40D3-A550-126E67509D84}" = Citrix Receiver(DV)
"{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Prameny
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1D603C4-8C68-40F3-85AE-6DBEF3B712B5}" = Citrix Receiver (HDX Flash Redirection)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Try And Buy
"{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{e0ddf2be-025d-48b0-b17f-c5bb4d6d13de}" = Plex Media Server
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF63DB41-2880-4C24-A06A-B8BF69B6406B}" = Unified Remote
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Avidemux 2.6 - 64bits (64-bit)" = Avidemux 2.6 - 64bits
"Battle.net" = Battle.net
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Diablo III" = Diablo III
"FARO LS_is1" = FARO LS 4.8.2.25521
"Flashtool" = Flashtool
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.24
"Launchy_21344213_is1" = Launchy 2.5
"Local Sync_is1" = Local Sync version 1.7.2.28
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"Mozilla Thunderbird 24.3.0 (x86 en-US)" = Mozilla Thunderbird 24.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Opera 12.01.1532" = Opera 12.01
"ownCloud" = ownCloud
"ProInst" = Intel PROSet Wireless
"Steam App 201790" = Orcs Must Die! 2
"Steam App 209270" = Hero Academy
"Steam App 210770" = Sanctum 2
"Steam App 41500" = Torchlight
"Steam App 42910" = Magicka
"Steam App 97000" = Solar 2
"TC PowerPack 2" = Total Commander PowerPack 2.0 beta
"TrueCrypt" = TrueCrypt
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.1
"Wandoujia2" = SnapPea
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2164984403-1494394889-1087947439-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.1.2014 21:25:45 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5164

Error - 18.1.2014 21:25:46 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18.1.2014 21:25:46 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6162

Error - 18.1.2014 21:25:46 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6162

Error - 18.1.2014 21:25:47 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18.1.2014 21:25:47 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7160

Error - 18.1.2014 21:25:47 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7160

Error - 18.1.2014 21:25:48 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18.1.2014 21:25:48 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8159

Error - 18.1.2014 21:25:48 | Computer Name = ValeriePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8159

Error - 19.1.2014 9:43:10 | Computer Name = ValeriePC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4.5.2013 21:29:01 | Computer Name = ValeriePC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 4.5.2013 21:29:01 | Computer Name = ValeriePC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Schedule service.

Error - 23.5.2013 5:15:27 | Computer Name = ValeriePC | Source = DCOM | ID = 10016
Description =

Error - 23.5.2013 5:15:27 | Computer Name = ValeriePC | Source = DCOM | ID = 10016
Description =

Error - 25.5.2013 8:38:24 | Computer Name = ValeriePC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 25.5.2013 8:38:24 | Computer Name = ValeriePC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 26.5.2013 1:33:40 | Computer Name = ValeriePC | Source = DCOM | ID = 10010
Description =

Error - 26.5.2013 1:49:47 | Computer Name = ValeriePC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 26.5.2013 1:50:06 | Computer Name = ValeriePC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 26.5.2013 1:51:06 | Computer Name = ValeriePC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056


< End of report >

--- EOF ---