Pop-up ads

Dominovts
Visitor
Posts: 51
Registered: 28 Apr 2008 18:08

Pop-up ads

#1 Post by Dominovts »

Hi guys, I have a problem with pop-up ads. Please advise, thanks in advance.

Logfile of random's system information tool 1.09 (written by random/random)
Run by xxx at 2014-05-16 20:20:14
Microsoft Windows 7 Ultimate
System drive C: has 107 GB (70%) free of 153 GB
Total RAM: 3071 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:20:50, on 16. 5. 2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Connectify\ConnectifyService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Connectify\Connectifyd.exe
C:\Windows\explorer.exe
C:\Program Files\WebSpades\bin\WebSpades.BrowserAdapter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\xxx\Desktop\RSIT.exe
C:\Program Files\trend micro\xxx.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://E:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: organiser database (organiserservice) - Acresso - C:\PROGRA~1\VIVIDW~1\ORGANI~1.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Update WebSpades - Unknown owner - C:\Program Files\WebSpades\updateWebSpades.exe
O23 - Service: Util WebSpades - Unknown owner - C:\Program Files\WebSpades\bin\utilWebSpades.exe
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files\Virtual Router\VirtualRouterService.exe

--
End of file - 8400 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2014-02-25 689744]
""= []
"Avira Systray"=C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [2014-05-05 182352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
E:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CDAServer]
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2010-12-17 332288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify]
C:\Program Files\Connectify\Connectify.exe [2010-01-15 920064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverChecker.exe]
C:\Program Files\Driver Checker\DriverChecker.exe [2011-05-25 11481400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-20 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greenshot]
C:\Program Files\Greenshot\Greenshot.exe [2010-07-12 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-01-31 703360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-05-03 10082920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
c:\Program Files\Common Files\Corel\Standby\Standby.exe [2010-01-07 105632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Down2Home.lnk]
E:\PROGRA~1\DOWN2H~1\DOWN2H~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
E:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE [2011-02-09 3104768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tele.ring Mobile Internet.lnk]
C:\PROGRA~1\telering\TELE~1.RIN\TELERI~1.EXE [2008-07-28 1474560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]
C:\Windows\INSTAL~1\{8DB05~1\_E6D97~1.EXE [2011-08-05 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Obrazovková spinka a spúšťač programu OneNote 2010.lnk]
E:\PROGRA~1\MICROS~1\Office14\ONENOTEM.EXE []

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-16 20:20:15 ----D---- C:\Program Files\trend micro
2014-05-16 20:20:14 ----D---- C:\rsit
2014-05-08 15:43:03 ----D---- C:\Windows\ERUNT
2014-05-06 16:39:36 ----D---- C:\Users\xxx\AppData\Roaming\DropboxMaster
2014-04-30 20:06:45 ----D---- C:\Windows\AutoKMS
2014-04-29 22:51:45 ----D---- C:\Users\xxx\AppData\Roaming\Mozilla
2014-04-25 22:08:05 ----A---- C:\Windows\system32\sqlite3.dll
2014-04-25 22:06:14 ----D---- C:\AdwCleaner
2014-04-25 21:56:54 ----D---- C:\Program Files\WebSpades
2014-04-25 21:25:45 ----D---- C:\Program Files\NAVIGON

======List of files/folders modified in the last 1 month======

2014-05-16 20:20:42 ----D---- C:\Windows\Prefetch
2014-05-16 20:20:35 ----D---- C:\Windows\Temp
2014-05-16 20:20:15 ----RD---- C:\Program Files
2014-05-16 20:13:50 ----SHD---- C:\System Volume Information
2014-05-16 20:09:35 ----A---- C:\Windows\win.ini
2014-05-16 20:05:18 ----D---- C:\Windows\System32
2014-05-16 20:05:18 ----D---- C:\Windows\inf
2014-05-16 20:05:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-16 20:03:00 ----D---- C:\Windows\system32\Tasks
2014-05-16 20:01:54 ----D---- C:\Program Files\Connectify
2014-05-16 20:01:41 ----D---- C:\Users\xxx\AppData\Roaming\Dropbox
2014-05-16 20:00:45 ----D---- C:\ProgramData\organiser
2014-05-14 20:06:42 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 13:39:03 ----HD---- C:\Config.Msi
2014-05-12 17:42:58 ----D---- C:\Windows\system32\config
2014-05-12 16:48:24 ----D---- C:\ProgramData\Package Cache
2014-05-12 16:48:23 ----SHD---- C:\Windows\Installer
2014-05-12 16:48:16 ----D---- C:\Program Files\Avira
2014-05-08 15:44:07 ----D---- C:\ProgramData
2014-05-08 15:43:03 ----D---- C:\Windows
2014-04-25 22:08:40 ----D---- C:\Program Files\Common Files
2014-04-22 18:54:04 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-19 691696]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2014-02-25 135648]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2014-02-25 37352]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-08-22 21638]
R1 PQNTDrv;PQNTDrv; C:\Windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2014-02-25 28520]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2014-02-25 90400]
R2 Hardlock;Hardlock; C:\Windows\system32\drivers\hardlock.sys [2006-11-22 693760]
R2 NSHE;Guardant Emulator Driver; \??\C:\Windows\system32\Drivers\NSHE.SYS [2008-11-23 97792]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2010-12-23 5120]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-11-06 1227776]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-11 5174272]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2011-06-16 182304]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2009-07-14 48128]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-14 1068032]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2011-01-12 25088]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-05-18 10064]
S1 tcpipBM;Bytemobile Kernel Network Provider; C:\Windows\system32\drivers\tcpipBM.sys [2007-08-06 18816]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 GT72NDISIPXP;GT 72 IP NDIS; C:\Windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
S3 GT72UBUS;GT 72 U BUS; C:\Windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
S3 GTPTSER;GT PT SER; C:\Windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-05-03 3484712]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-12-24 9216]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-12-02 18304]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2009-09-24 169320]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2009-08-05 61168]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-09-14 49400]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-09-11 172032]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2014-02-25 440400]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2014-02-25 440400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-05-05 124496]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2008-05-08 122880]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; E:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 GtDetectSc;GtDetectSc; C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe [2007-12-18 196704]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 organiserservice;organiser database; C:\PROGRA~1\VIVIDW~1\ORGANI~1.EXE [2010-07-07 115712]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-06-06 1524544]
R2 Update WebSpades;Update WebSpades; C:\Program Files\WebSpades\updateWebSpades.exe [2014-05-15 317728]
R2 Util WebSpades;Util WebSpades; C:\Program Files\WebSpades\bin\utilWebSpades.exe [2014-05-14 317728]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Virtual Router;VirtualRouterService; C:\Program Files\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
S2 KMService;KMService; C:\Windows\system32\srvany.exe [2003-04-18 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EhttpSrv;ESET HTTP Server; E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 821608]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-10-21 148848]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [2014-02-25 1017424]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Pop-up ads

#2 Post by vyosek »

Hello :)

Just to ask: are you using a legal operating system? The top-tier Ultimate license is not exactly a common home edition. Or is it cracked just like that Office??
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.

Dominovts

Re: Pop-up ads

#3 Post by Dominovts »

Yes, it is legal. That is how I bought the notebook; I haven't done anything with it since.

vyosek

Re: Pop-up ads

#4 Post by vyosek »

So you have a COA sticker on the notebook with the license number and the text Windows Ultimate, yes??

Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check whether the box for 64-bit OS is ticked; if not, tick it
  • Tick the box For all users
  • Tick the box for the "LOP" malware check
  • Tick the box for the "Purity" malware check
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box, Custom scans/fixes

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the "Scan" button
  • After the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both here
  • If the logs are long (the forum will complain about exceeding the maximum number of characters), split them across several posts

Dominovts
Visitor
Posts: 51
Registered: 28 Apr 2008 18:08

Re: Pop-up ads

#5 Post by Dominovts »

OTL Extras logfile created on: 16. 5. 2014 21:32:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 56,91% Memory free
6,00 Gb Paging File | 4,27 Gb Available in Paging File | 71,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,51 Gb Total Space | 105,18 Gb Free Space | 70,35% Space Free | Partition Type: NTFS
Drive D: | 87,90 Gb Total Space | 61,54 Gb Free Space | 70,01% Space Free | Partition Type: NTFS
Drive E: | 60,69 Gb Total Space | 40,66 Gb Free Space | 66,99% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- E:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A04E1B-5DF0-49D8-9313-98AE1B2AD903}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{098F26FA-CB07-471D-8B32-4866113110F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14A4A28A-BE6B-4DE0-BF8C-D10A24524F64}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{151D5A3D-6F34-43B4-9AAC-23F10F4713FD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1EF6BB63-7108-4CBD-BD4E-702E94BE11FD}" = lport=138 | protocol=17 | dir=in | app=system |
"{21FB0CBD-E456-4E6A-8353-52781DDC7666}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{28C5FE3D-ECF0-4CD3-B8B2-351680F61D55}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2981EC04-C90F-49F7-9D59-65BF27183F78}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{29A93522-DBDD-449C-9265-1F977B0EF22A}" = lport=139 | protocol=6 | dir=in | app=system |
"{37EE3910-B590-499F-AB1F-BAE0D9054C2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4202EE1D-969F-415A-B2DD-9673F9841268}" = rport=445 | protocol=6 | dir=out | app=system |
"{54CEF1B2-8A5C-402C-8418-93E9EDD496BD}" = rport=138 | protocol=17 | dir=out | app=system |
"{60289D82-37F8-4CB2-9877-79BF0569431F}" = lport=67 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{636DC3D2-8EFE-4343-95EC-062D1B85A62F}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{696C91E7-89B9-4C75-A23A-DFA6CEA184EA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{69C6C4BF-ED7B-423C-B649-462F99C607FF}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{70036CB8-E5D6-45D8-B206-4296239721CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D28ADB7-3799-4FA8-9417-23CB20F5F3BA}" = rport=2869 | protocol=6 | dir=out | app=system |
"{7EAC0CED-35D1-493C-8662-6888B8E3428D}" = lport=53 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{83B44478-EA0E-4AFF-878F-25412EAC2EAD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B1A2826-F64F-46D3-858D-1B9DEC1C93EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8E4F89DD-585D-4BD7-BEB2-46AADF90F73D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{930F5A63-9CCC-4EE0-91A3-4A45F140421E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96EB5802-D680-4BE5-9718-86B0BEADB39E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9BB463CE-2339-4220-AA4D-1BB23EE40D46}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9C0035A3-D2C5-4240-B322-9A468C9643C6}" = lport=68 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{9CBB8A89-9D33-45EA-A35A-DC06CE437F44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1C47433-0381-45EB-877A-0DEFCE013A8B}" = rport=137 | protocol=17 | dir=out | app=system |
"{B0A134AA-9B6A-4DEF-862F-F963F0139E29}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B13D9A19-1124-4932-895B-937F72E289FF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1F2FB3D-F70C-424C-AE25-49F6B7A492E0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C060C9B6-FE53-4631-A685-18E92DBF7F07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C11EF491-AFE2-4FF5-968F-6445886A24EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C86ECA1D-CC9F-4F73-89A5-C7C7EA344B49}" = lport=445 | protocol=6 | dir=in | app=system |
"{CA0264D8-0FBA-46F8-9F36-04865A955E7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CAF721C2-3D08-43B1-AE08-867C228E7665}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE473044-743B-4A02-98DC-4FE46D7C63EC}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D0E349FB-5D84-4E03-AA86-DA0FF4B41151}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D0ECC650-B46D-466C-AEBF-AE253DE208FA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DD98AE99-621D-4B92-90BD-8C203EAE1C2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E08A8EDA-E4B0-4F45-877D-35AA7A6AF56B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6B2CDC5-78B3-4B6E-9B53-A9A564E1267F}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{E922910C-E5D7-44A7-A994-29D7A36E6807}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECF27C83-5CE5-4235-A349-0653CF264425}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{FE45CEDD-C43D-46F5-87E3-243E1E916E0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF53B333-7A5E-4339-9D2E-BDA823B12FC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033BCA5F-EB51-4003-AAA0-CACFEF4EBEA0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0619C739-244F-4773-A3E0-5B3C911B5088}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{081ED390-F7DC-4EDB-B688-33D3D74F7223}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{08970909-F1A1-4464-A734-125C7DB24990}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{08E22213-B28A-42C1-9EFA-3D383979E5D1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0A6B31A2-FD39-468E-9B16-90A7487323F8}" = dir=out | app=c:\windows\system32\svchost.exe |
"{0DA97769-4DF1-4187-A408-4596C827A90B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0DCCF8CC-5972-4AA4-9F84-DF97623C3D8A}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\umi.exe |
"{0F0E4649-282A-4354-B708-BD2A58BE9242}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1097CB2E-383D-4ADF-A3A4-27A2232B8849}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{14192190-4C68-4B3D-9075-4AF641FA333C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{19526FD8-CFE0-4AAE-BFE6-A57CE08C14C4}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{1A09E5C0-7084-4DE1-A0E3-710326690792}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C8D7B33-929F-409C-BCBF-C61C6CF84658}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1C979F42-CC20-4840-85CF-3E0FDC3B79FA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1E591684-A1A5-4D53-A76D-597E2075D5B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2037D856-432F-455B-87A3-5C5783F102FC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22065155-9D75-4053-88AF-71ABCEF60CD6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2334758E-D9F7-4006-822E-8CDF0DD69CA2}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{24F18E5E-02B9-4DC0-96F5-95579BB96A8E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{251120FD-45D5-46BB-B11E-B990C6E87179}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2722BF5F-B602-49F3-9DCF-DBBDC09C8A31}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{273F7B65-93A7-4D08-AD8D-743BD24E30A1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{29712C64-32A5-4EC4-80E7-4958B7509DC3}" = protocol=6 | dir=out | app=system |
"{2AF5EE5A-601F-4812-A5BE-8D024CA366E5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B6D1028-4D6C-4EDD-BFF4-CE20FEA75E45}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\rm.exe |
"{2BD05B32-514C-499C-837E-80E20934F014}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2BF18F0A-BC7C-436E-BD73-C1876C6D5CC2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C2F4396-7087-4CA7-A2EC-1A726DEC404B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2EA43B27-5254-4A4C-9EBD-4F2138CDF723}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2FDA5454-DA41-42D4-90E1-AFB1D531EF1A}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{30332C9F-C5D1-41D1-B909-A929762F5C40}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{303A097D-58B7-4953-BDE5-2C16E6D9A49B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{311636DE-7F61-4A54-B976-C3360E3E0CA5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{32292BE7-2C9A-4351-B794-9C64D649104D}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{329EFD71-D756-464D-8C0A-6DF3D68AE23F}" = dir=in | app=e:\program files\itunes\itunes.exe |
"{347093DA-0626-440C-AECD-537AAD11CD0B}" = protocol=6 | dir=in | app=e:\program files\opera\opera.exe |
"{370EC0C6-5CB0-4617-9057-AC38606C593F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{399AE312-969C-4953-B9E7-9A627A163AE1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3EBCA555-A9AB-4778-B026-D3FDF6B1FCC4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3F7F6B49-7B15-4382-A018-2DB1E5D3DC91}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4733418D-C72A-4D62-B555-B555F0E49616}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{492610BF-F97B-42C0-BE79-FC70BE85F044}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{49DA7FFB-580C-4D7A-9A99-71D963EF06D5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E1FDA93-D916-4BDA-9162-327EA862B302}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56A777C2-6F95-4644-827A-BDAB1A9E5516}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{56E66B2E-C0AD-4C6B-B9FD-A355F1E4E943}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{593E71F1-52BA-492D-9293-0557DC5D500F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5B68308E-CEB3-41E2-9D89-34F605853D92}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5B85F2D9-B9FC-428A-A2D1-6D9E444E8864}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BC4836B-58B9-4405-942E-6886980BBC34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F5FDBD3-9064-4CBB-B743-07CAAC0BD2F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{62B3765B-E322-464F-B54E-54171A2ECE8F}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"{681A0A0A-E72D-4E59-B3D5-9C4C3B1A5C4E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6C37BAEF-9910-478A-A8F5-F2225D4A06F0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6ED96B5B-54BE-4F05-BAC8-1B43CA13C9B2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6EF12052-456E-402F-B914-56032B4DFA9D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{7266D414-8B23-40AB-934E-B57025100A2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7682A1D9-D98D-40F2-A3D9-309D2CC5C5D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{76D953C5-C5B1-46C5-BDC5-1436724B31BE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{77777191-843E-41A3-8C9D-907D8E942769}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{78AC0DEB-6AD1-485F-8B0C-30406CFDA7E4}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe |
"{7A12CE4A-0384-4729-9E17-478B3F96ED1F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7BE467E3-DAF1-4464-BEB0-8384EC69FB07}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7F038DF7-4648-4CF8-9650-374E1CF62CC9}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{8235965C-77C1-4C4B-8FA5-913A5685A18E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{83D7B461-F447-429E-BEF2-72D0FDFA19EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{874DB30A-9926-486D-8E81-7B3E8FDFE261}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{87CE450F-4EB0-43F6-8CCB-2EE9A2D9D9A9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9504CB83-4F25-4EB2-ACB1-4EB9BC016A48}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9582BED4-7810-40AB-9D85-40BFA78F33EA}" = protocol=17 | dir=in | app=e:\program files\opera\opera.exe |
"{96B678B2-80BC-4805-9BDD-0F6C7B8BC9A7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{97F588B8-645B-411E-B357-7E811FF75BC6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9A9FC8E3-6D75-46B4-A1D7-DED44FCF6AAD}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe |
"{9AE0B1F6-2098-416D-B5CD-DEFDA7D3C66B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\umi.exe |
"{9BBF1AA7-7E40-47A1-B49A-D7E0DE3EB660}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9C101D7D-254B-4B33-BFEA-74EC05529AFB}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{9E13FFA5-D139-4B29-A5B0-E20977D4BCBF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{9E500259-4EC9-4555-947C-6B070B4BDDFD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9ECE1347-5F74-4578-9DA3-F3DADB760F69}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A0883899-5CD5-46EB-9461-ECD0512F48CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3758434-BA9B-4710-ADC3-F8225EB8D59E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A3B8B51E-59FC-402E-9852-FD4DB784193F}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{A3C84FA8-C388-401B-A704-40DEE5B71D32}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A3E4EAA7-9515-4DA3-BC8E-1162F8136E20}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A65BFC02-B559-4C29-B455-8931D143034E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A83AE8F1-E194-4655-94EE-6073320345BA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AB4E937F-4688-45AA-8402-87A476E72AA2}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe |
"{ABF26130-E13B-4A2B-9242-B575B27712CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC3EFD4C-FCF3-4DE3-B376-302F24A388A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B113F54C-FBA5-4CE2-BFD1-E5A271F13861}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B239DB4D-58CF-42FC-AB7C-65DCC9C6A007}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{B67B1EE2-AC77-422D-8624-43618D01BB46}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{B7D704D8-5B9D-4B96-9D2D-F74DF8D9298A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BA0D48F1-EF11-47EB-9E9A-EEB70CF5994E}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe |
"{BEDEE696-1D9E-4D0E-93F5-ADE55A662264}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C0580F35-112C-4503-9504-698356F345F4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C0718863-E844-4AF4-B9CE-B47523BC3A34}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C9F6DD78-889E-44EB-B988-8F84B6E7236C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\rm.exe |
"{CE2C3DF9-ABBE-4D20-BC17-ED4521DD0075}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{CE803933-3284-4DF1-B082-45D2B0035C28}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D5F6C088-0AB8-48E3-8A1B-CB96CB771132}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{D7682C8F-500A-4507-B6D2-6F6A7E388038}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D81B7B7F-96D9-4873-91C9-3A144D992174}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D866D290-C20F-4A1B-824B-3CE6FA855116}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF916C9C-E5A5-413B-A056-1FCF1092CB07}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E54474FB-E931-4B0F-8710-3C54D56293B0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{E5E66415-5155-4424-BDE6-BCEAA502439B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E76D71A9-AFC8-4791-AC8A-3D7983FC207B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E808333B-6A7A-4043-91B7-F211E3F3DE58}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E8254CBF-FE26-43F0-87FE-542ED04265AF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E8E5AA78-C393-4FA6-BF63-5C4D22BB6D6B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{EAE11466-A359-474D-BCFB-FEA1F4184884}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EAE7D1E1-2CDE-4FD3-9ADC-46006D66B46E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"{EDB5842B-1521-4CCD-8D77-05241E7A0B57}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe |
"{F0D14869-78BA-43C0-A957-221363EF4845}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F1B4A8B0-8B0D-4476-9CEA-92D8A783F3B6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F34B6CC3-AC51-4920-92CE-75495860B3D3}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe |
"{F5EF3DCC-127B-4285-8E8F-FA492D7BC25E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F99E4280-29A5-47CF-99CD-A5F1FC511A76}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{04949F17-F7C1-4D0F-9145-0A22670C0E37}C:\program files\pinnacle\studio 15\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"TCP Query User{161D5801-77E6-4E08-91BA-B1879B727A36}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{2F04E0A5-EDCB-43BF-822C-0379F451B5CC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{77317FCF-6606-418D-8D42-1BCEEBD11194}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7F279C0D-54BC-484E-A260-686A083A0A96}C:\users\xxx\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{9FBD2742-5574-4211-B9A3-2B82F1E71C4E}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A61FB125-3B1A-43E9-B15E-7211BA87F476}E:\program files\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=e:\program files\age of empires ii\age2_x1.exe |
"TCP Query User{AA793899-C79D-4578-ABB2-05FE983A0A48}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{B175BA2D-134A-4888-88BA-C7EFD11D7C02}C:\program files\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files\torntv.com\torntv downloader.exe |
"TCP Query User{B966FFCA-BAA9-4124-9BC5-933AFFB733C8}E:\program files\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=e:\program files\age of empires ii\age2_x1.exe |
"TCP Query User{BC8EB301-1E56-414D-B26B-85144B79B8DB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{C8E2B809-70D8-48DC-8298-A55E30C9A5B3}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{D39DBFEF-9EDE-4741-A481-EFFC75C8715A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D6EB6DFE-DF13-4304-BCE0-7ACA9A6C1875}E:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=e:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E0F833EE-D1C2-4A21-8F7D-3D1731A211F9}E:\program files\opera\opera.exe" = protocol=6 | dir=in | app=e:\program files\opera\opera.exe |
"TCP Query User{E7C13F52-3756-49DC-9464-DD9CD03170C5}E:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=e:\program files\videolan\vlc\vlc.exe |
"TCP Query User{EEA0BFC5-D6A1-4E69-8965-92DC8BC67E10}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{EFA7434A-1C27-4FD5-9A88-4978CEA47272}E:\program files\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=e:\program files\age of empires ii\empires2.exe |
"UDP Query User{1DB72705-7B8A-47B5-A134-FB0B1A09F60C}C:\users\xxx\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{1EC39EB4-7AA3-4C1A-812D-5B3162EEE09F}E:\program files\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=e:\program files\age of empires ii\age2_x1.exe |
"UDP Query User{2FCF9310-D2D4-477E-BE43-88821C3D8255}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{3992C2B4-7E14-4AB7-A223-4DD100225DFB}E:\program files\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=e:\program files\age of empires ii\empires2.exe |
"UDP Query User{49DC6475-A153-45D5-A363-22C609CCEF20}E:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=e:\program files\videolan\vlc\vlc.exe |
"UDP Query User{527C741A-FEE7-43BC-B4C3-8FA3C3EEE543}E:\program files\opera\opera.exe" = protocol=17 | dir=in | app=e:\program files\opera\opera.exe |
"UDP Query User{64A75C67-478A-4588-B432-78C50EF528A4}C:\program files\pinnacle\studio 15\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"UDP Query User{797A0305-63E7-4E21-B2DA-69966088BD9F}E:\program files\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=e:\program files\age of empires ii\age2_x1.exe |
"UDP Query User{90E4F784-1E70-434D-9755-6818130C5465}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9B4456A5-2C18-455A-A5E0-2527185844A9}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A884D622-1ADB-42A6-90B0-E4DFEDF3AA51}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{AB24B7A8-8678-49F0-9FD2-655F8307763F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{BBCCADCE-0DBF-45F9-BBF7-9B5A30368043}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CD1C5255-1148-4734-9DB1-7FF84FA3F6E3}C:\program files\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files\torntv.com\torntv downloader.exe |
"UDP Query User{D85F39BE-65E6-4583-80E1-10F699BC1D30}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DCCD02B3-316D-4276-AD2D-F9369EEFD8E0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F3BC23E8-5D0F-4DCA-B3A5-CD4DBAF8C547}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F9B858FD-ADC6-465B-B83D-CE49DD6CEFB4}E:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=e:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04ECE31A-97BB-8BB1-D2E8-EC1372714CC9}" = Catalyst Control Center Graphics Full New
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1B2D7C42-3C29-A68E-8791-0B53750EBD77}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A53F25-9BE6-5EE1-AFEF-E9CA10627F16}" = ccc-utility
"{27C58A0F-8919-B515-0B53-6E72D746C282}" = CCC Help Hungarian
"{27E71F27-22A0-4FFE-9BE4-EEF5C7966158}" = Magic Screenshot
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F509E0C-0E0F-DB5E-654C-7D813C41945F}" = Catalyst Control Center Graphics Previews Common
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{365BE129-689F-1A40-1860-40BB4B27D44C}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{452B3D5F-E389-6F8D-299C-DD161ED8C2B4}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CF249DD-83C5-C0FF-6339-D0F0F27A5B2E}" = CCC Help German
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{512F8764-CDF0-5AA5-0499-1DAE513634E8}" = CCC Help Polish
"{53B8DEB8-C7F2-5A8C-F378-9D96F041D5C8}" = Catalyst Control Center Graphics Light
"{5AB7F403-CB61-70CC-6F87-1085E814A20F}" = ccc-core-static
"{5C16076B-DB38-4E0E-9F36-9276010E4F51}" = Avira
"{5EEE7B03-1480-349B-D609-AEF99D709E82}" = Catalyst Control Center Graphics Previews Vista
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6CDDC4F7-4187-48B4-E820-EFB1EE37055A}" = CCC Help English
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70a79d1f-686d-4d5c-962b-07aa1294eae0}" = Avira
"{732A67B6-2581-4434-AE64-9A34CCF943D1}" = Jagd Simulator 2011
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A0ECE3A-E1FD-9E65-A032-302B3C76F474}" = ATI Catalyst Install Manager
"{7B2AC701-BC14-BF2A-8740-E3295756668D}" = CCC Help Chinese Traditional
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{81A50DB0-B69B-06B5-5558-5004A3FDE33D}" = Catalyst Control Center Localization All
"{82EB3396-1DB0-4766-85B8-9D13B9C9B862}" = pdfforge Toolbar v9.0
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8E29C1CE-346A-3F59-AE22-8C5B7F230498}" = Google Talk Plugin
"{8E2B51DD-98FF-E0C4-CC26-02191C8A89F1}" = Catalyst Control Center Graphics Full Existing
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2010
"{90140000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2010
"{90140000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2010
"{90140000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2010
"{90140000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2010
"{90140000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2010
"{90140000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2010
"{90140000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2010
"{90140000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2010
"{90140000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2010
"{9033C129-530C-A6DD-B5B9-5B16DFA32BC5}" = CCC Help Turkish
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum zariadení Windows Mobile
"{9180B851-7FC1-42E4-948C-D55B39F3CE41}_is1" = T-Mobile Communication Center 3.60.03.99
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41FE4C4-ADCE-86EE-1349-4DF0EE7D4AE1}" = CCC Help Korean
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7B67830-88BE-8FC2-C1EE-1CDD66EB2ACF}" = CCC Help Spanish
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92305D5-C607-692E-9CAD-B2DDD2434630}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.6 - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D1D69B3B-0A59-B788-5BC6-2F1F0953E252}" = CCC Help Czech
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK Wireless LAN Driver
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}" = MLE
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DB2B0F31-32D3-F858-F489-4418886BB360}" = CCC Help Chinese Standard
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7044E25-3038-4A76-9064-344AC038043E}" = Aktualizácia ovládača aplikácie Centrum zariadení Windows Mobile
"{EB5DF19E-75D5-4FF1-AE23-2A9A2E0F2BDD}" = Pinnacle Studio 15 Ultimate Plugins
"{ED25C3FA-AD94-A451-A908-BCD8D0C121B4}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E2505F-AA57-476B-9F67-F8C5E3938080}" = ESET Smart Security
"{F533217A-8B47-42A8-BECE-A05337EC5D7B}" = tele.ring Mobile Internet
"{F533217A-8B47-42A8-BECE-A05337EC5D7B}_x" = tele.ring Mobile Internet
"{F8C2A7A7-F655-E6A7-CE63-6FB8E4D50977}" = Catalyst Control Center Core Implementation
"{FC030CB5-46A6-4229-AD6E-0AC869F509C8}" = Pinnacle Studio Bonus Content
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AIMP2" = AIMP2
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Connectify" = Connectify
"Digsby" = Digsby
"Donald Duck" = Disney's Donald Duck
"Driver Checker_is1" = Driver Checker v2.7.5
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"ETKA 7.2 Final" = ETKA 7.2 Final
"Greenshot_is1" = Greenshot
"Hardlock Device Drivers" = Hardlock Device Drivers
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"JLC's Internet TV" = JLC's Internet TV
"Knoll Light Factory EZ Studio 15" = Knoll Light Factory EZ Studio 15
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NAVIGON Fresh" = NAVIGON Fresh 3.5.1
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.16.1860" = Opera 12.16
"Picasa 3" = Picasa 3
"Red Giant ToonIt Studio 15" = Red Giant ToonIt Studio 15
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-1670 Series" = Samsung ML-1670 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 3.0
"SuperMP3Download" = Super Mp3 Download
"TeamViewer 6" = TeamViewer 6
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Vivid WorkshopData ATI" = Vivid WorkshopData ATI
"VLC media player" = VLC media player 2.0.5
"WebSpades" = WebSpades
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archivátor
"ZonerPhotoStudio13_SK_is1" = Zoner Photo Studio 13

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-133471220-1541798625-982354155-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16. 5. 2014 15:24:03 | Computer Name = NOTEBOOK | Source = Winlogon | ID = 4103
Description = Aktivácia licencie systému Windows zlyhala. Chyba: 0x80070005.

Error - 16. 5. 2014 15:29:25 | Computer Name = Notebook | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 16. 5. 2014 15:29:25 | Computer Name = Notebook | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

[ System Events ]
Error - 16. 5. 2014 14:19:30 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description =

Error - 16. 5. 2014 14:32:58 | Computer Name = Notebook | Source = Service Control Manager | ID = 7023
Description = Služba Oznamovacia služba SPP bola ukončená s nasledujúcou chybou:
%%5

Error - 16. 5. 2014 15:24:00 | Computer Name = Notebook | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:46:18 on ?16. ?5. ?2014 was unexpected.

Error - 16. 5. 2014 15:26:25 | Computer Name = Notebook | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: tcpipBM

Error - 16. 5. 2014 15:57:01 | Computer Name = Notebook | Source = Service Control Manager | ID = 7023
Description = Služba Oznamovacia služba SPP bola ukončená s nasledujúcou chybou:
%%5


< End of report >

OTL logfile created on: 16. 5. 2014 21:32:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 56,91% Memory free
6,00 Gb Paging File | 4,27 Gb Available in Paging File | 71,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,51 Gb Total Space | 105,18 Gb Free Space | 70,35% Space Free | Partition Type: NTFS
Drive D: | 87,90 Gb Total Space | 61,54 Gb Free Space | 70,01% Space Free | Partition Type: NTFS
Drive E: | 60,69 Gb Total Space | 40,66 Gb Free Space | 66,99% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014/05/16 21:27:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2014/05/15 11:41:23 | 000,317,728 | ---- | M] () -- C:\Program Files\WebSpades\updateWebSpades.exe
PRC - [2014/05/14 16:53:24 | 000,317,728 | ---- | M] () -- C:\Program Files\WebSpades\bin\utilWebSpades.exe
PRC - [2014/05/08 03:52:34 | 032,668,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/05 10:38:00 | 000,182,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/05/05 10:37:58 | 000,124,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/02/25 12:41:37 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/02/25 12:41:34 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014/02/25 12:41:25 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/02/25 12:41:24 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/06/06 18:28:30 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/06/06 18:26:36 | 001,524,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/01/27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/07/07 12:10:53 | 000,115,712 | ---- | M] (Acresso) -- C:\Program Files\Vivid WorkshopData ATI\organiseronlyservice.exe
PRC - [2010/07/07 12:05:33 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Vivid WorkshopData ATI\jre\bin\javaw.exe
PRC - [2010/01/15 21:57:18 | 000,018,432 | ---- | M] (Nomadio, Inc.) -- C:\Program Files\Connectify\ConnectifyService.exe
PRC - [2010/01/15 21:56:52 | 000,653,824 | ---- | M] (Nomadio, Inc.) -- C:\Program Files\Connectify\Connectifyd.exe
PRC - [2009/11/18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (http://pietschsoft.com)) -- C:\Program Files\Virtual Router\VirtualRouterService.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/11 13:22:36 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/09/11 13:22:08 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- E:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2008/05/08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007/12/18 12:48:40 | 000,196,704 | ---- | M] (OptionNV) -- C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/16 21:24:50 | 000,041,984 | ---- | M] () -- c:\users\xxx\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjn1ojh.dll
MOD - [2014/05/05 10:37:58 | 000,138,320 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/05/05 10:37:52 | 000,049,744 | ---- | M] () -- C:\Users\xxx\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/04/24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
MOD - [2014/04/24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/24 02:33:05 | 000,674,632 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/24 02:33:04 | 000,093,000 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/01/03 05:42:50 | 003,610,624 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 01:55:02 | 025,100,288 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2010/12/14 20:46:24 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
MOD - [2010/12/14 20:45:24 | 001,065,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll
MOD - [2010/12/14 20:45:22 | 017,919,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
MOD - [2010/12/14 20:43:33 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
MOD - [2010/12/14 20:43:18 | 000,645,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll
MOD - [2010/12/14 20:43:17 | 001,011,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
MOD - [2010/12/14 20:43:16 | 002,625,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
MOD - [2010/12/14 20:43:16 | 000,142,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
MOD - [2010/12/14 20:42:48 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2010/12/14 20:31:58 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2010/12/14 20:31:47 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2010/12/14 20:31:35 | 002,499,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\87a713cee613d08ee04ae9483a9d4716\System.Data.Linq.ni.dll
MOD - [2010/12/14 20:31:32 | 006,754,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll
MOD - [2010/12/14 20:31:23 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
MOD - [2010/12/14 20:31:22 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2010/12/14 20:31:05 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2010/12/14 20:30:54 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2010/12/14 20:30:49 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
MOD - [2010/12/14 20:30:46 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2010/12/14 20:30:42 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2010/12/14 20:30:38 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2010/12/14 20:30:30 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2010/12/14 20:30:23 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2010/01/15 21:56:38 | 000,006,144 | ---- | M] () -- C:\Program Files\Connectify\BuildProps.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/30 18:48:10 | 000,102,032 | ---- | M] () -- c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2009/07/14 06:55:41 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bf248d315e6a94b62f23a44fb47399a5\System.WorkflowServices.ni.dll
MOD - [2009/07/14 06:55:22 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\b685ea7755ea35759d886f06720a9d3a\System.ServiceModel.Web.ni.dll
MOD - [2009/07/14 06:45:34 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e791f7aea04b8d379f6dbaadb5fdeb96\System.IdentityModel.ni.dll
MOD - [2009/07/14 06:45:33 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e1adf6b481f5120153829fa54ee8a041\System.ServiceModel.ni.dll
MOD - [2009/07/14 06:43:53 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
MOD - [2009/07/14 06:43:53 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\81282964925798589021d3e0e6de779f\SMDiagnostics.ni.dll
MOD - [2009/07/14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009/07/14 06:43:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll
MOD - [2009/07/14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 06:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2008/09/30 20:30:57 | 000,294,912 | ---- | M] () -- E:\Program Files\WinRAR\Rarlng.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- E:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2014/05/15 11:41:23 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files\WebSpades\updateWebSpades.exe -- (Update WebSpades)
SRV - [2014/05/14 20:06:42 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/14 16:53:24 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files\WebSpades\bin\utilWebSpades.exe -- (Util WebSpades)
SRV - [2014/05/05 10:37:58 | 000,124,496 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/02/25 12:41:37 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/02/25 12:41:34 | 001,017,424 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2014/02/25 12:41:25 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 18:26:36 | 001,524,544 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/06 18:23:58 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/01/27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/07 12:10:53 | 000,115,712 | ---- | M] (Acresso) [Auto | Running] -- C:\Program Files\Vivid WorkshopData ATI\organiseronlyservice.exe -- (organiserservice)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/11/18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (http://pietschsoft.com)) [Auto | Running] -- C:\Program Files\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009/10/21 10:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/09/11 13:22:08 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- E:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/05/08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007/12/18 12:48:40 | 000,196,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a2ngzrzk)
DRV - [2014/02/25 12:41:37 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2014/02/25 12:41:28 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2014/02/25 12:41:26 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014/02/25 12:41:24 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/16 08:28:55 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2011/05/18 16:19:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/12 11:42:12 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/12/24 18:05:11 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/12/24 18:05:11 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/12/24 18:05:11 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/12/24 18:05:11 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/12/23 08:06:56 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/26 12:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/26 12:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/05/19 09:35:45 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/24 17:54:26 | 000,169,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/09/14 14:29:36 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/09/11 13:54:34 | 005,174,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/05 12:55:08 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/07/28 20:01:26 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/07/24 11:31:58 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009/06/19 09:57:20 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/06/19 09:56:48 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/06/17 11:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/11/23 11:23:04 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/22 22:14:45 | 000,021,638 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/18 16:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008/02/08 12:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/08/06 13:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007/03/30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 35 78 C9 30 78 CC 01 [binary data]
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\..\SearchScopes\{8D2F8F90-4AC2-451B-9AF6-926A4225D306}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\..\SearchScopes\{C3AE9855-0582-4A49-A2CF-0CE84E0FA978}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-133471220-1541798625-982354155-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: E:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\xxx\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/05/05 18:47:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/04/20 17:19:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/05/05 18:47:24 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://gogle.sk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: ProductName (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi\0.9.8_0\plugin/NPIETab.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\xxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\xxx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = E:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\xxx\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = E:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = E:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: RapidShare DownloadHelper = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpbkpjjkfakdcakapanjoeijlphieei\1.1.1\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Hľadať v Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SocialPlus! for Facebook = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl\2.6.8_0\
CHR - Extension: Facebook Disconnect = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.6.5_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\
CHR - Extension: AdBlock = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: SearchPreview = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.4_0\
CHR - Extension: Forecastfox = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: IE Tab Classic = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi\0.9.8_0\
CHR - Extension: Kontrola pošty Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Peňaženka Google = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-133471220-1541798625-982354155-1001..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&oslať do programu OneNote - res://E:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{122E9D94-C752-4B5A-8710-E7E1A303AF15}: DhcpNameServer = 213.162.69.169 213.162.65.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4042884A-A132-4B62-8159-4685099A601B}: DhcpNameServer = 147.232.191.2 147.232.3.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C674D6D7-CDFA-4009-A263-34580704C046}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/09 18:57:57 | 000,007,892 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O32 - AutoRun File - [2003/12/10 23:37:08 | 000,046,080 | ---- | M] (Siemens Medical Solutions, Department SW, Erlangen) - D:\AUTORUN.EXE -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{2371fc67-b9a2-11e0-97e7-00242162c0ea}\Shell - "" = AutoRun
O33 - MountPoints2\{2371fc67-b9a2-11e0-97e7-00242162c0ea}\Shell\AutoRun\command - "" = I:\setup.exe AUTORUN=1
O33 - MountPoints2\{43cfa231-6319-11df-bc68-00242162c0ea}\Shell - "" = AutoRun
O33 - MountPoints2\{43cfa231-6319-11df-bc68-00242162c0ea}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{43cfa231-6319-11df-bc68-00242162c0ea}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{43cfa231-6319-11df-bc68-00242162c0ea}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6e6a6859-79dc-11df-b45c-00242162c0ea}\Shell - "" = AutoRun
O33 - MountPoints2\{6e6a6859-79dc-11df-b45c-00242162c0ea}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - c:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - c:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - c:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014/05/16 21:27:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2014/05/16 20:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/05/16 20:20:14 | 000,000,000 | ---D | C] -- C:\rsit
[2014/05/15 19:10:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\BC konečna
[2 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2014/05/16 21:34:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/05/16 21:29:25 | 000,651,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/16 21:29:25 | 000,120,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/16 21:27:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2014/05/16 21:24:32 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/16 21:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/16 21:23:52 | 2415,419,392 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/16 20:19:55 | 000,781,383 | ---- | M] () -- C:\Users\xxx\Desktop\RSIT.exe
[2014/05/16 20:06:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/16 20:02:49 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/15 21:28:35 | 000,009,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/15 21:28:35 | 000,009,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/15 20:56:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001UA.job
[2014/05/15 16:37:15 | 000,001,047 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/14 20:06:42 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/14 20:06:42 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/12 16:48:18 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/05/11 14:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001Core.job
[2 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Dominovts
Visitor
Posts: 51
Registered: 28 Apr 2008 18:08

Re: Pop-up ads

#6 Post by Dominovts »

========== Files Created - No Company Name ==========

[2014/05/16 21:34:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/05/16 20:19:50 | 000,781,383 | ---- | C] () -- C:\Users\xxx\Desktop\RSIT.exe
[2013/06/25 10:18:17 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/07/07 23:40:51 | 000,000,000 | ---- | C] () -- C:\Users\xxx\AppData\Local\{8A505EC8-4CF4-4BFC-B54E-748DD4526A5C}
[2011/06/15 22:51:42 | 000,182,272 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\chrtmp
[2011/06/06 15:29:01 | 000,006,656 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 14:48:38 | 000,000,000 | ---- | C] () -- C:\Users\xxx\AppData\Local\{2C5F9723-0C86-4D83-A8BF-EDE8404E9FE8}
[2010/06/20 21:09:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/04 21:07:22 | 000,008,456 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/04 21:07:22 | 000,000,088 | RHS- | C] () -- C:\ProgramData\175C5698E7.sys

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/04/02 16:22:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AIMP
[2011/09/08 22:14:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Apowersoft
[2010/04/24 17:13:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ashampoo
[2011/04/29 16:30:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/02 13:48:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
[2014/05/16 21:27:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2014/05/06 16:39:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DropboxMaster
[2010/04/21 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ESET
[2010/05/04 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Facebook
[2010/06/07 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GHISLER
[2011/06/06 11:11:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Greenshot
[2011/06/03 20:34:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HU2011
[2010/05/05 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JLC's Software
[2011/05/09 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MusicMP3Downloader
[2011/03/14 16:35:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nokia
[2011/09/09 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Opera
[2010/12/24 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Paradoxx
[2011/05/08 10:01:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC Suite
[2011/01/27 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Publish Providers
[2011/10/24 12:31:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\redsn0w
[2011/09/20 12:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2010/06/17 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Soldat
[2011/01/27 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Sony
[2010/04/24 08:33:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SuperMP3Download
[2011/02/07 12:32:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer
[2011/04/26 15:17:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2011/06/06 15:23:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ulead Systems
[2010/05/17 16:59:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\VitySoft
[2011/06/06 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:53:46 | 000,032,554 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/22 21:58:22 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/22 21:58:23 | 000,000,918 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010/04/20 17:04:29 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001Core.job
[2010/04/20 17:04:30 | 000,000,938 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001UA.job
[2013/02/28 22:06:04 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[36 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[17 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp -> ]
[2 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/09/13 19:05:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ABBYY
[2011/08/29 22:03:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Adobe
[2014/04/02 16:22:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AIMP
[2011/09/08 22:14:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Apowersoft
[2010/05/12 16:30:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Apple Computer
[2010/04/24 17:13:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ashampoo
[2010/04/20 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ATI
[2014/03/23 13:37:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Avira
[2011/04/29 16:30:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/06 15:23:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Corel
[2010/05/14 15:37:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CyberLink
[2011/09/02 13:48:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
[2010/04/27 15:37:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Digsby
[2014/05/16 21:27:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2014/05/06 16:39:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DropboxMaster
[2011/09/25 23:18:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\dvdcss
[2010/04/21 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ESET
[2010/05/04 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Facebook
[2010/06/07 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GHISLER
[2011/06/06 11:11:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Greenshot
[2011/05/15 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HP
[2011/06/03 20:34:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HU2011
[2010/04/20 16:27:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Identities
[2011/06/16 08:29:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\InstallShield
[2010/05/05 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JLC's Software
[2010/04/20 17:48:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Macromedia
[2009/07/14 09:50:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Media Center Programs
[2013/07/01 22:36:33 | 000,000,000 | --SD | M] -- C:\Users\xxx\AppData\Roaming\Microsoft
[2014/04/29 22:51:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mozilla
[2011/05/09 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MusicMP3Downloader
[2011/03/14 16:35:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nokia
[2011/09/09 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Opera
[2010/12/24 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Paradoxx
[2011/05/08 10:01:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC Suite
[2011/01/27 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Publish Providers
[2011/10/24 12:31:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\redsn0w
[2011/09/20 12:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2012/02/27 21:45:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Skype
[2012/02/27 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\skypePM
[2010/06/17 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Soldat
[2011/01/27 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Sony
[2010/04/24 08:33:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SuperMP3Download
[2011/02/07 12:32:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer
[2011/04/26 15:17:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2011/06/06 15:23:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ulead Systems
[2010/05/17 16:59:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\VitySoft
[2013/09/08 21:02:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\vlc
[2010/04/20 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WinRAR
[2011/06/06 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2014/05/08 03:52:34 | 032,668,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014/05/08 03:54:32 | 000,243,632 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014/05/08 03:52:36 | 000,143,656 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2010/05/04 16:53:01 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\xxx\AppData\Roaming\Facebook\uninstall.exe
[2011/06/08 08:52:47 | 000,029,926 | R--- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2010/04/20 18:45:43 | 000,010,134 | R--- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Installer\{ED25C3FA-AD94-A451-A908-BCD8D0C121B4}\ARPPRODUCTICON.exe
[2011/02/20 21:42:34 | 015,736,940 | ---- | M] (Paradoxx Software s.r.o. ) -- C:\Users\xxx\AppData\Roaming\Paradoxx\PhoneReport\Updates\update_3.60.03.99.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2009/07/14 03:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll

< %systemroot%\Tasks\*.job >
[2014/05/16 20:06:01 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/05/16 21:24:32 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/05/16 20:02:49 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/05/11 14:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001Core.job
[2014/05/16 21:56:00 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/19 09:35:45 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2009/07/14 03:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014/05/15 21:28:35 | 000,009,584 | ---- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/15 21:28:35 | 000,009,584 | ---- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/14 20:06:42 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014/05/14 20:06:42 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2014/05/16 21:29:25 | 000,120,580 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014/05/16 21:29:25 | 000,651,648 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014/05/16 21:29:25 | 000,778,150 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"" =

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009/07/14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/05/16 21:34:59 | 000,000,512 | ---- | M] () MD5=35E88AEFFA70819ACFECD542294A6742 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2010/03/04 21:37:46 | 000,000,721 | ---- | M] () -- \Program Files\Pinnacle\Studio 15\Plugins\RTFx\HfxXML\Crackers.xml
[2010/03/04 21:37:46 | 000,000,738 | ---- | M] () -- \Program Files\Pinnacle\Studio 15\Plugins\RTFx\HfxXML\FireCracker.xml
[2009/01/22 09:11:48 | 007,317,900 | ---- | M] () -- \Tecar Forum\ETKA 7.2\PROG\Crack-FIX_72_3.exe
[2010/03/04 21:37:46 | 000,010,179 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Effects\65 - Patriotic\FireCracker.hfx
[2010/03/04 21:37:46 | 000,008,201 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Effects\70 - Foods\Crackers.hfx
[2010/03/04 21:45:04 | 001,543,882 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Food\Cracker.hfo
[2010/03/04 21:45:06 | 000,026,143 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker BAM.hfo
[2010/03/04 21:45:06 | 000,027,267 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker bottom.hfo
[2010/03/04 21:45:06 | 000,080,879 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker top.hfo
[2010/10/19 13:32:04 | 000,843,284 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Gag\Whip Crack Vx.wav
[2010/10/19 13:32:04 | 000,843,284 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Gag\Whip Crack.wav
[2010/10/19 13:32:06 | 000,597,884 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Hrající si děti\Bat Crack .wav
[2010/10/19 13:32:08 | 016,633,220 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Zimní radovánky\Crackling Hearth.wav

< *keygen* /s >

< *loader* /s >
[2014/02/25 12:41:34 | 000,053,328 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.dll
[2014/02/25 12:41:34 | 000,566,352 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.exe
[2014/02/25 12:41:34 | 001,748,048 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloadergui.dll
[2009/12/30 18:47:38 | 000,523,408 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[2009/12/30 18:47:44 | 000,075,920 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\CT\PhotoDownloaderRC.dll
[2009/12/30 18:47:46 | 000,089,232 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\DE\PhotoDownloaderRC.dll
[2009/12/30 18:47:46 | 000,084,624 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\EN\PhotoDownloaderRC.dll
[2009/12/30 18:47:48 | 000,087,696 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\ES\PhotoDownloaderRC.dll
[2009/12/30 18:47:50 | 000,089,232 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\FR\PhotoDownloaderRC.dll
[2009/12/30 18:47:50 | 000,084,624 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\IE\PhotoDownloaderRC.dll
[2009/12/30 18:47:52 | 000,087,696 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\IT\PhotoDownloaderRC.dll
[2009/12/30 18:47:54 | 000,078,992 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\JP\PhotoDownloaderRC.dll
[2009/12/30 18:47:56 | 000,087,184 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\NL\PhotoDownloaderRC.dll
[2009/12/30 18:48:00 | 000,087,696 | ---- | M] () -- \Program Files\Common Files\Corel\Corel PhotoDownloader\Languages\PL\PhotoDownloaderRC.dll
[2009/10/22 01:01:42 | 000,249,672 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2009/10/22 01:01:42 | 000,018,248 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2010/11/04 10:37:28 | 000,335,872 | ---- | M] () -- \Program Files\Common Files\Nokia\Service Layer\A\nsl_loader.dll
[2010/10/28 14:29:30 | 000,131,072 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2009/01/04 19:53:08 | 000,002,945 | ---- | M] () -- \Program Files\Corel\Corel PaintShop Photo Pro\X3\accLoader.ini
[2010/01/07 13:08:04 | 000,331,936 | ---- | M] () -- \Program Files\Corel\Corel PaintShop Photo Pro\X3\VimeoUploader.dll
[2009/12/26 14:08:34 | 000,331,976 | ---- | M] () -- \Program Files\Corel\MLE\VimeoUploader.dll
[2010/12/13 21:59:53 | 000,007,161 | ---- | M] () -- \Program Files\Digsby\lib\gui\browser\webkit\imageloader.pyo
[2010/08/24 02:16:15 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\digsby_about\res\ajax-loader.gif
[2010/12/13 21:59:55 | 000,007,133 | ---- | M] () -- \Program Files\Digsby\lib\plugins\digsby_updater\downloader.pyo
[2009/07/02 17:06:10 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\facebook\res\ajax-loader.gif
[2010/08/25 01:31:07 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\linkedin\res\ajax-loader.gif
[2010/02/05 19:29:18 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\myspace\res\ajax-loader.gif
[2009/07/14 22:44:20 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\twitter\res\img\ajax-loader.gif
[2010/04/01 17:46:44 | 000,014,145 | ---- | M] () -- \Program Files\Digsby\lib\syck\loaders.pyo
[2014/03/11 21:34:44 | 000,000,702 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_advoptions.fen
[2014/03/11 21:34:44 | 000,000,790 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_debug.fen
[2014/03/11 21:34:44 | 000,000,723 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_download.fen
[2014/03/11 21:34:44 | 000,000,694 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_file_errors.fen
[2014/03/11 21:34:44 | 000,000,634 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_manage_devices.fen
[2014/03/11 21:34:44 | 000,002,398 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_onboard.fen
[2014/03/11 21:34:44 | 000,001,417 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_options.fen
[2014/03/11 21:34:44 | 000,001,330 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_pinwheel_72.png
[2014/03/11 21:34:44 | 000,002,541 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_pinwheel_72x2.png
[2014/03/11 21:34:44 | 000,002,196 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_prefs.fen
[2014/03/11 21:34:44 | 000,000,956 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_quota_error1.fen
[2014/03/11 21:34:44 | 000,001,080 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_quota_error2.fen
[2014/03/11 21:34:44 | 000,001,139 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_quota_error_estimate.fen
[2014/03/11 21:34:44 | 000,002,181 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_welcome.fen
[2008/10/28 13:24:48 | 000,070,936 | ---- | M] () -- \Program Files\Kalypso\Jagd Simulator 2011\bin\PhysXLoader.dll
[2009/09/25 14:00:00 | 000,001,849 | ---- | M] () -- \Program Files\TuneUp Utilities 2011\data\Integrator\images\panel6\loader.gif
[2009/09/25 14:00:00 | 000,001,849 | ---- | M] () -- \Program Files\TuneUp Utilities 2011\data\TuneUpUtilities.gadget\images\loader.gif
[2009/09/25 14:00:00 | 000,001,849 | ---- | M] () -- \Program Files\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget\images\loader.gif
[2011/06/06 14:55:25 | 000,001,221 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3\Corel Photo Downloader.lnk
[2011/06/06 14:55:25 | 000,001,221 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3\Corel Photo Downloader.lnk
[2010/03/06 07:30:38 | 000,847,040 | ---- | M] () -- \Users\xxx\AppData\Roaming\Facebook\axfbootloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/08/14 13:36:18 | 000,070,936 | ---- | M] () -- \Windows\System32\PhysXLoader.dll
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 09:42:17 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 09:42:17 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 09:42:17 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2010/04/20 16:47:01 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2010/04/20 16:47:01 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2010/04/20 16:47:01 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 09:41:36 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:182F0EEA

< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Pop-up ads

#7 Post by vyosek »

Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the license terms are displayed; press any key
  • A backup is created, followed by a scan
  • The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts, and then a log appears, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member of [image] since 1 February 2011.

Dominovts
Visitor
Posts: 51
Registered: 28 Apr 2008 18:08

Re: Pop-up ads

#8 Post by Dominovts »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by xxx on so 17. 05. 2014 at 11:09:00,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 17. 05. 2014 at 11:12:28,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dominovts
Visitor
Posts: 51
Registered: 28 Apr 2008 18:08

Re: Pop-up ads

#9 Post by Dominovts »

# AdwCleaner v3.208 - Report created 17/05/2014 at 11:21:07
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : xxx - NOTEBOOK
# Running from : C:\Users\xxx\Desktop\adwcleaner_3.208.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v

[ File : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19336 octets] - [25/04/2014 22:06:16]
AdwCleaner[R1].txt - [1415 octets] - [08/05/2014 15:47:05]
AdwCleaner[R2].txt - [1447 octets] - [17/05/2014 11:15:54]
AdwCleaner[S0].txt - [17586 octets] - [25/04/2014 22:08:37]
AdwCleaner[S1].txt - [1492 octets] - [08/05/2014 15:48:03]
AdwCleaner[S2].txt - [1380 octets] - [17/05/2014 11:21:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1440 octets] ##########
Last edited by Dominovts on 17 May 2014 10:25, edited 1 time in total.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Pop-up ads

#10 Post by vyosek »

Run AdwCleaner again
  • If you use Win Vista or W7, right-click AdwCleaner and choose Run As Administrator or Spustit jako správce
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then a log appears, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Dominovts
Visitor
Posts: 51
Registered: 28 Apr 2008 18:08

Re: Pop-up ads

#11 Post by Dominovts »

# AdwCleaner v3.208 - Report created 17/05/2014 at 11:27:28
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : xxx - NOTEBOOK
# Running from : C:\Users\xxx\Desktop\adwcleaner_3.208.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v

[ File : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19336 octets] - [25/04/2014 22:06:16]
AdwCleaner[R1].txt - [1415 octets] - [08/05/2014 15:47:05]
AdwCleaner[R2].txt - [1447 octets] - [17/05/2014 11:15:54]
AdwCleaner[R3].txt - [1503 octets] - [17/05/2014 11:26:22]
AdwCleaner[S0].txt - [17586 octets] - [25/04/2014 22:08:37]
AdwCleaner[S1].txt - [1492 octets] - [08/05/2014 15:48:03]
AdwCleaner[S2].txt - [1520 octets] - [17/05/2014 11:21:07]
AdwCleaner[S3].txt - [1434 octets] - [17/05/2014 11:27:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1494 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Pop-up ads

#12 Post by vyosek »

Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the window
  • Code:

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC performs the repair, restarts and gives you a log; paste its contents here

Dominovts
Visitor
Posts: 51
Registered: 28 Apr 2008 18:08

Re: Pop-up ads

#13 Post by Dominovts »

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by xxx on so 17. 05. 2014 at 14:44:08,84.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\xxx\Desktop\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17. 5. 2014 14:45:02 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-133471220-1541798625-982354155-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C3AE9855-0582-4A49-A2CF-0CE84E0FA978} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-133471220-1541798625-982354155-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update WebSpades deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
"C:\Windows\Installer\2219269.msi" deleted
"C:\Users\xxx\AppData\Local\{2C5F9723-0C86-4D83-A8BF-EDE8404E9FE8}" deleted
"C:\Users\xxx\AppData\Local\{8A505EC8-4CF4-4BFC-B54E-748DD4526A5C}" deleted
"C:\Users\xxx\AppData\Roaming\chrtmp" deleted
"C:\Program Files\WebSpades\updateWebSpades.exe" deleted
"C:\Program Files\WebSpades\bin\utilWebSpades.exe" deleted
"C:\Program Files\WebSpades\bin\WebSpades.BrowserAdapter.exe" deleted
"C:\Program Files\WebSpades\bin\{2635ac50-5488-40bf-9bfd-accb158f8f3f}.dll" deleted
"C:\Program Files\WebSpades" not deleted
"C:\Program Files\WebSpades\bin" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"="C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension" [05. 05. 2011 18:47]

==== Chrome Look ======================

RapidShare DownloadHelper - xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpbkpjjkfakdcakapanjoeijlphieei
SocialPlus for Facebook - xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl
Facebook Disconnect - xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec
Photo Zoom for Facebook - xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
AdBlock - xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Forecastfox - xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg
IE Tab Classic - xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{8D2F8F90-4AC2-451B-9AF6-926A4225D306} Google Url="http://www.google.com/search?q={searchT ... f8&oe=utf8"

==== Reset Google Chrome ======================

C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6933BE280BD16674588BD9319B9C8B26 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{82EB3396-1DB0-4766-85B8-9D13B9C9B862} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6933BE280BD16674588BD9319B9C8B26 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=50 folders=10 14157995 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\xxx\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\xxx\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\WebSpades" not found

==== EOF on so 17. 05. 2014 at 14:58:38,44 ======================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Pop-up ads

#14 Post by vyosek »


Dominovts
Visitor
Posts: 51
Registered: 28 Apr 2008 18:08

Re: Pop-up ads

#15 Post by Dominovts »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by xxx (administrator) on NOTEBOOK on 17-05-2014 15:55:06
Running from C:\Users\xxx\Desktop
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: 041B
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nomadio, Inc.) C:\Program Files\Connectify\ConnectifyService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(ESET) E:\Program Files\ESET\ESET Smart Security\ekrn.exe
(OptionNV) C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe
(Acresso) C:\Program Files\Vivid WorkshopData ATI\organiseronlyservice.exe
(Sun Microsystems, Inc.) C:\Program Files\Vivid WorkshopData ATI\jre\bin\javaw.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Chris Pietschmann (http://pietschsoft.com)) C:\Program Files\Virtual Router\VirtualRouterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Nomadio, Inc.) C:\Program Files\Connectify\Connectifyd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Dropbox, Inc.) C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(forum.viry.cz) C:\Users\xxx\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-133471220-1541798625-982354155-1001\...\Run: [] => [X]
HKU\S-1-5-21-133471220-1541798625-982354155-1001\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-133471220-1541798625-982354155-1001\...\MountPoints2: {2371fc67-b9a2-11e0-97e7-00242162c0ea} - I:\setup.exe AUTORUN=1
HKU\S-1-5-21-133471220-1541798625-982354155-1001\...\MountPoints2: {43cfa231-6319-11df-bc68-00242162c0ea} - G:\SETUP.EXE
HKU\S-1-5-21-133471220-1541798625-982354155-1001\...\MountPoints2: {6e6a6859-79dc-11df-b45c-00242162c0ea} - "H:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x573578C93078CC01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - E:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\xxx\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\xxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\xxx\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\xxx\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\xxx\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\xxx\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\xxx\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - E:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: Eset Plugin - E:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-04-20]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ []

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17]
CHR Extension: (Disk Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-17]
CHR Extension: (YouTube) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-17]
CHR Extension: (Hľadať v Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]
CHR Extension: (Peňaženka Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
CHR Extension: (Gmail) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-17]
CHR StartMenuInternet: Google Chrome - C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.)
S3 EhttpSrv; E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-02-06] (ESET)
R2 ekrn; E:\Program Files\ESET\ESET Smart Security\ekrn.exe [727720 2009-02-06] (ESET)
R2 GtDetectSc; C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe [196704 2007-12-18] (OptionNV)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 organiserservice; C:\Program Files\Vivid WorkshopData ATI\organiseronlyservice.exe [115712 2010-07-07] (Acresso)
R2 Virtual Router; C:\Program Files\Virtual Router\VirtualRouterService.exe [12288 2009-11-18] (Chris Pietschmann (http://pietschsoft.com))

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [21638 2008-08-22] ()
R2 NSHE; C:\Windows\system32\Drivers\NSHE.SYS [97792 2008-11-23] (T0r0 2008)
R1 PQNTDrv; C:\Windows\system32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-19] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-01-12] (TeamViewer GmbH)
U3 adv3lq9t; C:\Windows\system32\Drivers\adv3lq9t.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 15:55 - 2014-05-17 15:55 - 00013579 _____ () C:\Users\xxx\Desktop\FRST.txt
2014-05-17 15:54 - 2014-05-17 15:55 - 00000000 ____D () C:\FRST
2014-05-17 15:53 - 2014-05-17 15:48 - 01056768 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2014-05-17 15:52 - 2014-05-17 15:52 - 00112640 _____ (forum.viry.cz) C:\Users\xxx\Desktop\FRSTLauncher.exe
2014-05-17 15:49 - 2014-05-17 15:49 - 00112640 _____ (forum.viry.cz) C:\Users\xxx\Downloads\Nepotvrdené 608213.crdownload
2014-05-17 15:49 - 2014-05-17 15:49 - 00112640 _____ (forum.viry.cz) C:\Users\xxx\Downloads\Nepotvrdené 236317.crdownload
2014-05-17 15:48 - 2014-05-17 15:48 - 01056768 _____ (Farbar) C:\Users\xxx\Downloads\FRST (1).exe
2014-05-17 15:47 - 2014-05-17 15:48 - 01056768 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe
2014-05-17 14:55 - 2014-05-17 14:43 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-17 14:53 - 2014-05-17 14:58 - 00000000 ____D () C:\zoek
2014-05-17 14:44 - 2014-05-17 14:58 - 00011456 _____ () C:\zoek-results.log
2014-05-17 14:43 - 2014-05-17 14:54 - 00000000 ____D () C:\zoek_backup
2014-05-17 14:42 - 2014-05-17 14:42 - 01285120 _____ () C:\Users\xxx\Desktop\zoek.exe
2014-05-17 14:42 - 2014-05-17 14:42 - 01285120 _____ () C:\Users\xxx\Desktop\zoek (1).exe
2014-05-17 11:12 - 2014-05-17 11:12 - 00000732 _____ () C:\Users\xxx\Desktop\JRT.txt
2014-05-17 11:08 - 2014-05-17 11:09 - 01325827 _____ () C:\Users\xxx\Desktop\adwcleaner_3.208.exe
2014-05-16 22:07 - 2014-05-16 22:07 - 00093418 _____ () C:\Users\xxx\Desktop\Extras.Txt
2014-05-16 22:06 - 2014-05-16 22:06 - 00164548 _____ () C:\Users\xxx\Desktop\OTL.Txt
2014-05-16 21:34 - 2014-05-16 21:34 - 00000512 _____ () C:\PhysicalMBR.bin
2014-05-16 21:27 - 2014-05-16 21:27 - 00602112 _____ (OldTimer Tools) C:\Users\xxx\Desktop\OTL.exe
2014-05-16 20:20 - 2014-05-16 20:20 - 00000000 ____D () C:\rsit
2014-05-16 20:20 - 2014-05-16 20:20 - 00000000 ____D () C:\Program Files\trend micro
2014-05-16 20:19 - 2014-05-16 20:19 - 00781383 _____ () C:\Users\xxx\Desktop\RSIT.exe
2014-05-15 19:10 - 2014-05-15 19:31 - 00000000 ____D () C:\Users\xxx\Desktop\BC konečna
2014-05-08 15:43 - 2014-05-08 15:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 15:42 - 2014-05-08 15:42 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2014-05-06 16:39 - 2014-05-06 16:39 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\DropboxMaster
2014-04-30 20:06 - 2014-05-06 16:36 - 00000000 ____D () C:\Windows\AutoKMS
2014-04-30 20:06 - 2014-04-30 20:06 - 00000000 ____D () C:\Users\xxx\AppData\Local\Microsoft Toolkit
2014-04-30 16:00 - 2014-05-12 16:48 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-29 22:51 - 2014-04-29 22:51 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Mozilla
2014-04-25 22:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-04-25 22:06 - 2014-05-17 11:27 - 00000000 ____D () C:\AdwCleaner
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-04-25 21:25 - 2014-04-25 21:25 - 00000000 ____D () C:\Program Files\NAVIGON

==================== One Month Modified Files and Folders =======

2014-05-17 15:55 - 2014-05-17 15:55 - 00013579 _____ () C:\Users\xxx\Desktop\FRST.txt
2014-05-17 15:55 - 2014-05-17 15:54 - 00000000 ____D () C:\FRST
2014-05-17 15:52 - 2014-05-17 15:52 - 00112640 _____ (forum.viry.cz) C:\Users\xxx\Desktop\FRSTLauncher.exe
2014-05-17 15:49 - 2014-05-17 15:49 - 00112640 _____ (forum.viry.cz) C:\Users\xxx\Downloads\Nepotvrdené 608213.crdownload
2014-05-17 15:49 - 2014-05-17 15:49 - 00112640 _____ (forum.viry.cz) C:\Users\xxx\Downloads\Nepotvrdené 236317.crdownload
2014-05-17 15:48 - 2014-05-17 15:53 - 01056768 _____ (Farbar) C:\Users\xxx\Desktop\FRST.exe
2014-05-17 15:48 - 2014-05-17 15:48 - 01056768 _____ (Farbar) C:\Users\xxx\Downloads\FRST (1).exe
2014-05-17 15:48 - 2014-05-17 15:47 - 01056768 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe
2014-05-17 15:06 - 2013-02-28 22:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-17 15:01 - 2011-06-06 11:00 - 01561972 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 15:01 - 2010-04-20 16:30 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 15:01 - 2009-07-22 21:58 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-17 15:00 - 2013-07-01 22:57 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Dropbox
2014-05-17 14:59 - 2013-07-01 23:05 - 00000000 ___RD () C:\Users\xxx\Desktop\Dropbox
2014-05-17 14:58 - 2014-05-17 14:53 - 00000000 ____D () C:\zoek
2014-05-17 14:58 - 2014-05-17 14:44 - 00011456 _____ () C:\zoek-results.log
2014-05-17 14:57 - 2011-08-14 12:31 - 00000000 ____D () C:\Program Files\Connectify
2014-05-17 14:57 - 2010-06-07 16:01 - 00000000 ____D () C:\ProgramData\organiser
2014-05-17 14:56 - 2014-03-23 15:49 - 00087206 _____ () C:\Windows\PFRO.log
2014-05-17 14:56 - 2014-03-23 15:49 - 00010912 _____ () C:\Windows\error.log
2014-05-17 14:56 - 2014-03-23 15:49 - 00009768 _____ () C:\Windows\setupact.log
2014-05-17 14:56 - 2014-03-23 15:49 - 00003510 _____ () C:\Windows\errord.log
2014-05-17 14:56 - 2010-04-20 17:04 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001UA.job
2014-05-17 14:56 - 2010-04-20 17:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001Core.job
2014-05-17 14:56 - 2009-07-22 21:58 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-17 14:56 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 14:55 - 2009-07-14 06:34 - 00009584 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 14:55 - 2009-07-14 06:34 - 00009584 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 14:55 - 2009-07-14 04:04 - 00000580 _____ () C:\Windows\win.ini
2014-05-17 14:54 - 2014-05-17 14:43 - 00000000 ____D () C:\zoek_backup
2014-05-17 14:43 - 2014-05-17 14:55 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-17 14:42 - 2014-05-17 14:42 - 01285120 _____ () C:\Users\xxx\Desktop\zoek.exe
2014-05-17 14:42 - 2014-05-17 14:42 - 01285120 _____ () C:\Users\xxx\Desktop\zoek (1).exe
2014-05-17 11:27 - 2014-04-25 22:06 - 00000000 ____D () C:\AdwCleaner
2014-05-17 11:12 - 2014-05-17 11:12 - 00000732 _____ () C:\Users\xxx\Desktop\JRT.txt
2014-05-17 11:09 - 2014-05-17 11:08 - 01325827 _____ () C:\Users\xxx\Desktop\adwcleaner_3.208.exe
2014-05-16 22:07 - 2014-05-16 22:07 - 00093418 _____ () C:\Users\xxx\Desktop\Extras.Txt
2014-05-16 22:06 - 2014-05-16 22:06 - 00164548 _____ () C:\Users\xxx\Desktop\OTL.Txt
2014-05-16 21:34 - 2014-05-16 21:34 - 00000512 _____ () C:\PhysicalMBR.bin
2014-05-16 21:27 - 2014-05-16 21:27 - 00602112 _____ (OldTimer Tools) C:\Users\xxx\Desktop\OTL.exe
2014-05-16 20:20 - 2014-05-16 20:20 - 00000000 ____D () C:\rsit
2014-05-16 20:20 - 2014-05-16 20:20 - 00000000 ____D () C:\Program Files\trend micro
2014-05-16 20:19 - 2014-05-16 20:19 - 00781383 _____ () C:\Users\xxx\Desktop\RSIT.exe
2014-05-15 19:31 - 2014-05-15 19:10 - 00000000 ____D () C:\Users\xxx\Desktop\BC konečna
2014-05-15 16:37 - 2013-07-01 22:59 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 20:06 - 2013-02-28 22:06 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 20:06 - 2011-05-15 07:52 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 16:48 - 2014-04-30 16:00 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-12 16:48 - 2014-03-23 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-12 16:48 - 2014-03-23 13:26 - 00000000 ____D () C:\Program Files\Avira
2014-05-08 15:43 - 2014-05-08 15:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 15:42 - 2014-05-08 15:42 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe
2014-05-06 16:39 - 2014-05-06 16:39 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\DropboxMaster
2014-05-06 16:36 - 2014-04-30 20:06 - 00000000 ____D () C:\Windows\AutoKMS
2014-04-30 20:06 - 2014-04-30 20:06 - 00000000 ____D () C:\Users\xxx\AppData\Local\Microsoft Toolkit
2014-04-29 22:51 - 2014-04-29 22:51 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Mozilla
2014-04-25 22:08 - 2010-04-20 17:06 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-25 22:08 - 2010-04-20 16:27 - 00001136 _____ () C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-04-25 21:26 - 2010-04-20 16:26 - 00000000 ____D () C:\Users\xxx
2014-04-25 21:25 - 2014-04-25 21:25 - 00000000 ____D () C:\Program Files\NAVIGON

Some content of TEMP:
====================
C:\Users\xxx\AppData\Local\Temp\avgnt.exe
C:\Users\xxx\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqowwyw.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-10 15:44




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:149.51 GB) (Free:106.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:87.9 GB) (Free:61.54 GB) NTFS
Drive e: () (Fixed) (Total:60.69 GB) (Free:40.66 GB) NTFS

Available physical RAM: 1648.93 MB
Total physical RAM: 3071.37 MB
Percentage of memory in use: 46%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: BAB21F87)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001Core.job => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-133471220-1541798625-982354155-1001UA.job => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:182F0EEA

==================== Security Center ==================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ESET Smart Security 4.0 (Disabled - Out of date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET Smart Security 4.0 (Disabled - Out of date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Disabled) {F3340042-195E-BB41-42D1-CDB495BB46DE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\xxx\Desktop" je 118 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
"C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CDAServer
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify
C:\Program Files\Connectify\Connectify.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverChecker.exe
C:\Program Files\Driver Checker\DriverChecker.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greenshot
"C:\Program Files\Greenshot\Greenshot.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby
"c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Down2Home.lnk
E:\PROGRA~1\DOWN2H~1\DOWN2H~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk
E:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tele.ring Mobile Internet.lnk
C:\PROGRA~1\telering\TELE~1.RIN\TELERI~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk
C:\Windows\INSTAL~1\{8DB05~1\_E6D97~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Obrazovkov� spinka a sp��a� programu OneNote 2010.lnk
E:\PROGRA~1\MICROS~1\Office14\ONENOTEM.EXE [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
