Prosim o preventivni kontrolu logu. PC se zda pomalejsi nez obvykle.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Eee Pc at 2014-06-12 19:26:03
Microsoft Windows 7 Starter Service Pack 1
System drive C: has 30 GB (24%) free of 127 GB
Total RAM: 1014 MB (26% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:26:39, on 12.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\System32\SupportAppXL\AutoDect.exe
C:\Program Files\EMET\EMET_notifier.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe
C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Users\Eee Pc\Downloads\RSIT(1).exe
C:\Program Files\trend micro\Eee Pc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [autodetect] C:\Windows\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Lingoes] C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe -minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 6985 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default
prefs.js - "browser.startup.homepage" - "http://th.hao123.com/?tn=oc_pay_hp_03_hao123_th"
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\components\
ConsoleAPI.js
nsInputListAutoComplete.js
nsUrlClassifierHashCompleter.js
PlacesCategoriesStarter.js
TelemetryPing.js
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\
{9d1f059c-cada-4111-9696-41a62d64e3ba}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-05-02 436600]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-04-19 142104]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-04-19 174360]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-04-19 150808]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-05-23 10082920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RemoteControl11"=C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe [2011-11-21 234792]
"HotkeyMon"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 548744]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2014-05-28 310064]
"autodetect"=C:\Windows\system32\SupportAppXL\AutoDect.exe [2010-12-27 129872]
"EMET Notifier"=C:\Program Files\EMET\EMET_notifier.exe [2012-05-09 152152]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-06-07 3890208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2014-05-28 843568]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2014-05-28 1563440]
""=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2014-05-28 843568]
"Lingoes"=C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe [2013-03-30 2506752]
C:\Users\Eee Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-04-11 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.ACDV"=ACDV.dll
"msacm.divxa32"=msaud32_divx.acm
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-06-12 18:40:19 ----A---- C:\Windows\system32\rdpcorets.dll
2014-06-12 18:40:18 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 18:17:02 ----A---- C:\Toolbox.exe
2014-06-12 18:17:02 ----A---- C:\readme.txt
2014-06-12 18:16:56 ----AD---- C:\tools
2014-06-12 18:16:56 ----AD---- C:\logo
2014-06-11 15:13:04 ----D---- C:\Program Files\Mozilla Firefox
2014-06-10 03:58:30 ----D---- C:\Users\Eee Pc\AppData\Roaming\PhotoFiltre 7
2014-06-10 03:58:21 ----D---- C:\Program Files\PhotoFiltre 7
2014-06-10 02:04:30 ----ASH---- C:\pagefile.sys
2014-06-08 03:03:38 ----D---- C:\ProgramData\GRETECH
2014-06-08 03:03:02 ----D---- C:\Users\Eee Pc\AppData\Roaming\baidu
2014-06-02 16:12:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 12:32:47 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 12:32:41 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 12:31:30 ----A---- C:\Windows\system32\aepdu.dll
2014-05-15 12:31:29 ----A---- C:\Windows\system32\aeinv.dll
2014-05-15 12:31:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2014-05-15 12:31:20 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 12:31:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 12:31:19 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 12:31:18 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 12:31:18 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 12:31:17 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 12:31:16 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 12:31:16 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 12:31:15 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 12:31:14 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\adprovider.dll
2014-05-15 12:31:13 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 12:31:13 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 12:31:13 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 12:31:12 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 12:31:12 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 12:31:12 ----A---- C:\Windows\system32\credssp.dll
2014-05-15 12:31:11 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 12:31:11 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 12:28:59 ----A---- C:\Windows\system32\shell32.dll
======List of files/folders modified in the last 1 month======
2014-06-12 19:26:21 ----D---- C:\Windows\Temp
2014-06-12 19:26:17 ----D---- C:\Program Files\trend micro
2014-06-12 19:24:00 ----D---- C:\Windows\system32\config
2014-06-12 19:06:44 ----D---- C:\Users\Eee Pc\AppData\Roaming\Dropbox
2014-06-12 19:06:01 ----D---- C:\Users\Eee Pc\AppData\Roaming\DropboxMaster
2014-06-12 18:45:07 ----D---- C:\Windows\system32\MRT
2014-06-12 18:45:00 ----D---- C:\Windows\debug
2014-06-12 18:44:44 ----A---- C:\Windows\system32\MRT.exe
2014-06-12 18:43:27 ----D---- C:\Windows\winsxs
2014-06-12 18:43:21 ----D---- C:\Windows\System32
2014-06-12 18:40:31 ----D---- C:\Windows\system32\catroot
2014-06-12 18:38:30 ----D---- C:\Windows\system32\catroot2
2014-06-12 18:20:03 ----D---- C:\Windows\Prefetch
2014-06-12 13:51:42 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-06-12 01:08:38 ----D---- C:\Users\Eee Pc\AppData\Roaming\uTorrent
2014-06-11 15:18:47 ----RD---- C:\Program Files
2014-06-11 01:59:38 ----D---- C:\Users\Eee Pc\AppData\Roaming\Skype
2014-06-09 20:44:37 ----D---- C:\Windows\Microsoft.NET
2014-06-09 17:11:21 ----D---- C:\Windows\system32\DriverStore
2014-06-09 17:11:20 ----D---- C:\Windows\inf
2014-06-08 03:06:20 ----D---- C:\Users\Eee Pc\AppData\Roaming\Media Player Classic
2014-06-08 03:03:38 ----HD---- C:\ProgramData
2014-06-08 03:02:45 ----D---- C:\Users\Eee Pc\AppData\Roaming\OpenCandy
2014-06-07 20:48:26 ----SHD---- C:\System Volume Information
2014-06-07 18:34:04 ----D---- C:\Windows
2014-06-07 18:22:49 ----D---- C:\Windows\Panther
2014-06-07 18:22:43 ----D---- C:\Windows\Logs
2014-06-07 18:22:42 ----D---- C:\Windows\Minidump
2014-06-07 17:19:20 ----D---- C:\Windows\system32\Tasks
2014-06-07 17:19:16 ----D---- C:\Users\Eee Pc\AppData\Roaming\Maxthon3
2014-06-07 16:56:54 ----D---- C:\Windows\Tasks
2014-06-02 15:56:37 ----D---- C:\Windows\system32\Macromed
2014-06-02 02:07:07 ----D---- C:\Users\Eee Pc\AppData\Roaming\vlc
2014-05-16 13:30:14 ----D---- C:\Windows\system32\drivers
2014-05-15 14:22:58 ----D---- C:\Windows\rescache
2014-05-15 13:24:18 ----RSD---- C:\Windows\assembly
2014-05-15 13:04:20 ----SD---- C:\Windows\system32\CompatTel
2014-05-15 13:04:19 ----D---- C:\Windows\system32\en-US
2014-05-15 12:36:05 ----SHD---- C:\Windows\Installer
2014-05-15 12:16:00 ----D---- C:\Program Files\Common Files\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-05-02 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-05-02 180632]
R0 Bhbase;Baidu Hook Base; C:\Windows\System32\drivers\Bhbase.sys [2013-09-03 47456]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-05-02 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-05-16 777488]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-05-16 411680]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-06 242240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/28 15:02:27]; \??\C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-11-16 77296]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-05-02 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-05-02 67824]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-05-16 68312]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
R2 ntk_PowerDVD;ntk_PowerDVD; \??\C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-11-21 71664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2011-06-27 2191872]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2013-05-22 37344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-04-11 4815872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-05-17 3499752]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BprotectEx;Baidu ProtectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-10-18 9216]
S3 PCFApiUtil;PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-08-21 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 153672]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-10-18 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-10-18 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2010-10-18 105088]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-19 65432]
R2 AsusService;Asus Launcher Service; C:\Windows\System32\AsusService.exe [2009-08-18 219136]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-05-02 50344]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-11-21 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-11-11 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-11-11 292136]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2013-05-22 233472]
R2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 108032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-11 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-09-16 529744]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Preventivka
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Re: Preventivka
Zdravim 
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Stardust
- Vzorný návštěvník
- Příspěvky: 43
- Registrován: 08 lis 2007 07:59
- Bydliště: (problém) mezi křeslem a klávesnicí
Re: Preventivka
# AdwCleaner v3.212 - Report created 13/06/2014 at 01:20:13
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Eee Pc - EEEPC-PC
# Running from : C:\Users\Eee Pc\Desktop\adwcleaner_3.212.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Users\Eee Pc\AppData\Roaming\baidu
Folder Deleted : C:\Users\Eee Pc\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=TH&userid=d98ca9d6-6e65-4002-a41a-dc30c02b74cc&searchtype=ds&q={searchTerms}&installDate=06/04/2013
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={9ED95B3B-F469-413D-A169-82160EBB64A9}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
*************************
AdwCleaner[R0].txt - [2335 octets] - [13/06/2014 01:17:24]
AdwCleaner[S0].txt - [2298 octets] - [13/06/2014 01:20:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2358 octets] ##########
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Eee Pc - EEEPC-PC
# Running from : C:\Users\Eee Pc\Desktop\adwcleaner_3.212.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Users\Eee Pc\AppData\Roaming\baidu
Folder Deleted : C:\Users\Eee Pc\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=TH&userid=d98ca9d6-6e65-4002-a41a-dc30c02b74cc&searchtype=ds&q={searchTerms}&installDate=06/04/2013
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={9ED95B3B-F469-413D-A169-82160EBB64A9}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
*************************
AdwCleaner[R0].txt - [2335 octets] - [13/06/2014 01:17:24]
AdwCleaner[S0].txt - [2298 octets] - [13/06/2014 01:20:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2358 octets] ##########
Re: Preventivka
Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Stardust
- Vzorný návštěvník
- Příspěvky: 43
- Registrován: 08 lis 2007 07:59
- Bydliště: (problém) mezi křeslem a klávesnicí
Re: Preventivka
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2014.06.13.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17107
Eee Pc :: EEEPC-PC [administrátor]
Ochrana: Povolena
13.6.2014 13:40:59
MBAM-log-2014-06-13 (19-24-42).txt
Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 370826
Uplynulý čas: 1 hodin, 49 minut, 44 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 8
C:\Users\Eee Pc\Downloads\4shared_Desktop_4.0.0bth.exe (PUP.Optional.4Shared) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\rar password cracker setup.exe (PUP.AdBundle) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\WinHotSpot_Downloader.exe (PUP.Optional.Softonic.A) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\YTDSetup(1).exe (PUP.Optional.Spigot.A) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\YTDSetup.exe (PUP.Optional.Spigot.A) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\backup phone\download\CodecPerformerSetup.exe (Adware.InstallBrain) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\backup phone\download\WallpaperManagerApp__3063_il2059643.exe (PUP.Optional.Amonetize.A) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\backup phone\download\WallpaperManagerApp__3063_il2601828.exe (PUP.Optional.Amonetize.A) -> Nebyla provedena žádná instrukce.
(konec)
www.malwarebytes.org
Verze: v2014.06.13.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17107
Eee Pc :: EEEPC-PC [administrátor]
Ochrana: Povolena
13.6.2014 13:40:59
MBAM-log-2014-06-13 (19-24-42).txt
Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 370826
Uplynulý čas: 1 hodin, 49 minut, 44 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 8
C:\Users\Eee Pc\Downloads\4shared_Desktop_4.0.0bth.exe (PUP.Optional.4Shared) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\rar password cracker setup.exe (PUP.AdBundle) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\WinHotSpot_Downloader.exe (PUP.Optional.Softonic.A) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\YTDSetup(1).exe (PUP.Optional.Spigot.A) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\YTDSetup.exe (PUP.Optional.Spigot.A) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\backup phone\download\CodecPerformerSetup.exe (Adware.InstallBrain) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\backup phone\download\WallpaperManagerApp__3063_il2059643.exe (PUP.Optional.Amonetize.A) -> Nebyla provedena žádná instrukce.
C:\Users\Eee Pc\Downloads\backup phone\download\WallpaperManagerApp__3063_il2601828.exe (PUP.Optional.Amonetize.A) -> Nebyla provedena žádná instrukce.
(konec)
Re: Preventivka
Nalezy nechte odstranit, pak MBAM odinstalujte. Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Stardust
- Vzorný návštěvník
- Příspěvky: 43
- Registrován: 08 lis 2007 07:59
- Bydliště: (problém) mezi křeslem a klávesnicí
Re: Preventivka
----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Starter Edition SP1 [6.1 Build 7601] (x86)
Date : 2014/06/14 18:07:30
-- Controller Map ----------------------------------------------------------
+ Standard AHCI 1.0 Serial ATA Controller [ATA]
+ ATA Channel 0 (0)
- TOSHIBA MQ01ABD050 ATA Device
-- Disk List ---------------------------------------------------------------
(1) TOSHIBA MQ01ABD050 : 500,1 GB [0/0/0, pd1]
----------------------------------------------------------------------------
(1) TOSHIBA MQ01ABD050
----------------------------------------------------------------------------
Model : TOSHIBA MQ01ABD050
Firmware : AX001A
Serial Number : 22TAF8TUS
Disk Size : 500,1 GB (8,4/137,4/500,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 10925 hod.
Power On Count : 1126 krát
Temparature : 45 C (113 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Počet chyb čtení
02 100 100 _50 000000000000 Průchodnost disku
03 100 100 __1 000000000437 Čas na roztočení ploten
04 100 100 __0 00000000046A Počet spuštění/zastavení
05 100 100 _50 000000000000 Počet přemapovaných sektorů
07 100 100 _50 000000000000 Počet chybných hledání
08 100 100 _50 000000000000 Čas potřebný na vyhledání
09 _73 _73 __0 000000002AAD Hodin v činnosti
0A 122 100 _30 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 000000000466 Počet cyklů zapnutí zařízení
BF 100 100 __0 000000063E39 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000043 Počet vypnutí disku
C1 _74 _74 __0 000000041978 Počet cyklů načítání/vymazání
C2 100 100 __0 00340019002D Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DC 100 100 __0 000000000000 Posunutí disku vůči ose
DE _82 _82 __0 000000001CA7 Počet hodin zalažení budoucího mechanismu magnetických hlav
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E0 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené napětím mechanických částí
E2 100 100 __0 000000000103 Celkový čas zatížení budiče magnetických hlav
F0 100 100 __1 000000000000 Čas nastavování hlaviček - v hodinách
-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 3254 3254 4146 3854 5553
020: 0000 4000 0000 4158 3030 2020 2020 544F 5348 4942
030: 4120 4D51 3031 4142 4430 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0007 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0F06 0F06 0004 004C 0040
080: 01F8 0000 746B 7D09 6163 BC09 BC09 6163 203F 003B
090: 003B 0080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 6003 6003 0000 5000 0393
110: D6C0 6E6B 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 003D 003D 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 4CA5
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Starter Edition SP1 [6.1 Build 7601] (x86)
Date : 2014/06/14 18:07:30
-- Controller Map ----------------------------------------------------------
+ Standard AHCI 1.0 Serial ATA Controller [ATA]
+ ATA Channel 0 (0)
- TOSHIBA MQ01ABD050 ATA Device
-- Disk List ---------------------------------------------------------------
(1) TOSHIBA MQ01ABD050 : 500,1 GB [0/0/0, pd1]
----------------------------------------------------------------------------
(1) TOSHIBA MQ01ABD050
----------------------------------------------------------------------------
Model : TOSHIBA MQ01ABD050
Firmware : AX001A
Serial Number : 22TAF8TUS
Disk Size : 500,1 GB (8,4/137,4/500,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 10925 hod.
Power On Count : 1126 krát
Temparature : 45 C (113 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Počet chyb čtení
02 100 100 _50 000000000000 Průchodnost disku
03 100 100 __1 000000000437 Čas na roztočení ploten
04 100 100 __0 00000000046A Počet spuštění/zastavení
05 100 100 _50 000000000000 Počet přemapovaných sektorů
07 100 100 _50 000000000000 Počet chybných hledání
08 100 100 _50 000000000000 Čas potřebný na vyhledání
09 _73 _73 __0 000000002AAD Hodin v činnosti
0A 122 100 _30 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 000000000466 Počet cyklů zapnutí zařízení
BF 100 100 __0 000000063E39 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000043 Počet vypnutí disku
C1 _74 _74 __0 000000041978 Počet cyklů načítání/vymazání
C2 100 100 __0 00340019002D Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DC 100 100 __0 000000000000 Posunutí disku vůči ose
DE _82 _82 __0 000000001CA7 Počet hodin zalažení budoucího mechanismu magnetických hlav
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E0 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené napětím mechanických částí
E2 100 100 __0 000000000103 Celkový čas zatížení budiče magnetických hlav
F0 100 100 __1 000000000000 Čas nastavování hlaviček - v hodinách
-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 3254 3254 4146 3854 5553
020: 0000 4000 0000 4158 3030 2020 2020 544F 5348 4942
030: 4120 4D51 3031 4142 4430 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0007 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0F06 0F06 0004 004C 0040
080: 01F8 0000 746B 7D09 6163 BC09 BC09 6163 203F 003B
090: 003B 0080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 6003 6003 0000 5000 0393
110: D6C0 6E6B 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 003D 003D 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 4CA5
Re: Preventivka
Dejte novy log z RSIT
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Stardust
- Vzorný návštěvník
- Příspěvky: 43
- Registrován: 08 lis 2007 07:59
- Bydliště: (problém) mezi křeslem a klávesnicí
Re: Preventivka
Logfile of random's system information tool 1.10 (written by random/random)
Run by Eee Pc at 2014-06-14 18:37:21
Microsoft Windows 7 Starter Service Pack 1
System drive C: has 30 GB (24%) free of 127 GB
Total RAM: 1014 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:45, on 14.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\System32\SupportAppXL\AutoDect.exe
C:\Program Files\EMET\EMET_notifier.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe
C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Eee Pc\Downloads\RSIT(1).exe
C:\Program Files\trend micro\Eee Pc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [autodetect] C:\Windows\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Lingoes] C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe -minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 6905 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default
prefs.js - "browser.startup.homepage" - "http://th.hao123.com/?tn=oc_pay_hp_03_hao123_th"
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\components\
ConsoleAPI.js
nsInputListAutoComplete.js
nsUrlClassifierHashCompleter.js
PlacesCategoriesStarter.js
TelemetryPing.js
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\
{9d1f059c-cada-4111-9696-41a62d64e3ba}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-05-02 436600]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-04-19 142104]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-04-19 174360]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-04-19 150808]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-05-23 10082920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RemoteControl11"=C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe [2011-11-21 234792]
"HotkeyMon"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 548744]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2014-05-28 310064]
"autodetect"=C:\Windows\system32\SupportAppXL\AutoDect.exe [2010-12-27 129872]
"EMET Notifier"=C:\Program Files\EMET\EMET_notifier.exe [2012-05-09 152152]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-06-07 3890208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2014-05-28 843568]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2014-05-28 1563440]
""=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2014-05-28 843568]
"Lingoes"=C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe [2013-03-30 2506752]
C:\Users\Eee Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-04-11 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.ACDV"=ACDV.dll
"msacm.divxa32"=msaud32_divx.acm
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-06-13 13:37:11 ----D---- C:\Users\Eee Pc\AppData\Roaming\Malwarebytes
2014-06-13 13:36:03 ----D---- C:\ProgramData\Malwarebytes
2014-06-13 01:19:10 ----A---- C:\Windows\system32\sqlite3.dll
2014-06-13 01:17:19 ----D---- C:\AdwCleaner
2014-06-12 18:40:19 ----A---- C:\Windows\system32\rdpcorets.dll
2014-06-12 18:40:18 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 18:17:02 ----A---- C:\Toolbox.exe
2014-06-12 18:17:02 ----A---- C:\readme.txt
2014-06-12 18:16:56 ----AD---- C:\tools
2014-06-12 18:16:56 ----AD---- C:\logo
2014-06-11 15:13:04 ----D---- C:\Program Files\Mozilla Firefox
2014-06-10 03:58:30 ----D---- C:\Users\Eee Pc\AppData\Roaming\PhotoFiltre 7
2014-06-10 03:58:21 ----D---- C:\Program Files\PhotoFiltre 7
2014-06-10 02:04:30 ----ASH---- C:\pagefile.sys
2014-06-08 03:03:38 ----D---- C:\ProgramData\GRETECH
2014-06-02 16:12:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 12:32:47 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 12:32:41 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 12:31:30 ----A---- C:\Windows\system32\aepdu.dll
2014-05-15 12:31:29 ----A---- C:\Windows\system32\aeinv.dll
2014-05-15 12:31:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2014-05-15 12:31:20 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 12:31:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 12:31:19 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 12:31:18 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 12:31:18 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 12:31:17 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 12:31:16 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 12:31:16 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 12:31:15 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 12:31:14 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\adprovider.dll
2014-05-15 12:31:13 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 12:31:13 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 12:31:13 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 12:31:12 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 12:31:12 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 12:31:12 ----A---- C:\Windows\system32\credssp.dll
2014-05-15 12:31:11 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 12:31:11 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 12:28:59 ----A---- C:\Windows\system32\shell32.dll
======List of files/folders modified in the last 1 month======
2014-06-14 18:37:39 ----D---- C:\Windows\Prefetch
2014-06-14 18:37:30 ----D---- C:\Program Files\trend micro
2014-06-14 18:37:29 ----D---- C:\Windows\Temp
2014-06-14 18:01:21 ----D---- C:\Windows\system32\config
2014-06-14 17:56:56 ----RD---- C:\Program Files
2014-06-14 17:56:56 ----D---- C:\Windows\system32\drivers
2014-06-14 17:48:50 ----D---- C:\Users\Eee Pc\AppData\Roaming\Dropbox
2014-06-14 17:47:50 ----D---- C:\Users\Eee Pc\AppData\Roaming\DropboxMaster
2014-06-14 17:44:43 ----RSD---- C:\Windows\Media
2014-06-14 13:39:45 ----D---- C:\Windows\system32\catroot2
2014-06-13 13:36:03 ----HD---- C:\ProgramData
2014-06-13 01:19:10 ----D---- C:\Windows\System32
2014-06-12 18:54:48 ----D---- C:\Windows\system32\MRT
2014-06-12 18:45:00 ----D---- C:\Windows\debug
2014-06-12 18:44:44 ----A---- C:\Windows\system32\MRT.exe
2014-06-12 18:43:27 ----D---- C:\Windows\winsxs
2014-06-12 18:40:31 ----D---- C:\Windows\system32\catroot
2014-06-12 13:51:42 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-06-12 01:08:38 ----D---- C:\Users\Eee Pc\AppData\Roaming\uTorrent
2014-06-11 01:59:38 ----D---- C:\Users\Eee Pc\AppData\Roaming\Skype
2014-06-09 20:44:37 ----D---- C:\Windows\Microsoft.NET
2014-06-09 17:11:21 ----D---- C:\Windows\system32\DriverStore
2014-06-09 17:11:20 ----D---- C:\Windows\inf
2014-06-08 03:06:20 ----D---- C:\Users\Eee Pc\AppData\Roaming\Media Player Classic
2014-06-07 20:48:26 ----SHD---- C:\System Volume Information
2014-06-07 18:34:04 ----D---- C:\Windows
2014-06-07 18:22:49 ----D---- C:\Windows\Panther
2014-06-07 18:22:43 ----D---- C:\Windows\Logs
2014-06-07 18:22:42 ----D---- C:\Windows\Minidump
2014-06-07 17:19:20 ----D---- C:\Windows\system32\Tasks
2014-06-07 17:19:16 ----D---- C:\Users\Eee Pc\AppData\Roaming\Maxthon3
2014-06-07 16:56:54 ----D---- C:\Windows\Tasks
2014-06-02 15:56:37 ----D---- C:\Windows\system32\Macromed
2014-06-02 02:07:07 ----D---- C:\Users\Eee Pc\AppData\Roaming\vlc
2014-05-15 14:22:58 ----D---- C:\Windows\rescache
2014-05-15 13:24:18 ----RSD---- C:\Windows\assembly
2014-05-15 13:04:20 ----SD---- C:\Windows\system32\CompatTel
2014-05-15 13:04:19 ----D---- C:\Windows\system32\en-US
2014-05-15 12:36:05 ----SHD---- C:\Windows\Installer
2014-05-15 12:16:00 ----D---- C:\Program Files\Common Files\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-05-02 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-05-02 180632]
R0 Bhbase;Baidu Hook Base; C:\Windows\System32\drivers\Bhbase.sys [2013-09-03 47456]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-05-02 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-05-16 777488]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-05-16 411680]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-06 242240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/28 15:02:27]; \??\C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-11-16 77296]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-05-02 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-05-02 67824]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-05-16 68312]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
R2 ntk_PowerDVD;ntk_PowerDVD; \??\C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-11-21 71664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2011-06-27 2191872]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2013-05-22 37344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-04-11 4815872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-05-17 3499752]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BprotectEx;Baidu ProtectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-10-18 9216]
S3 PCFApiUtil;PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-08-21 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 153672]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-10-18 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-10-18 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2010-10-18 105088]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-19 65432]
R2 AsusService;Asus Launcher Service; C:\Windows\System32\AsusService.exe [2009-08-18 219136]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-05-02 50344]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-11-21 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-11-11 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-11-11 292136]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2013-05-22 233472]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 108032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-11 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-09-16 529744]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Run by Eee Pc at 2014-06-14 18:37:21
Microsoft Windows 7 Starter Service Pack 1
System drive C: has 30 GB (24%) free of 127 GB
Total RAM: 1014 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:45, on 14.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\System32\SupportAppXL\AutoDect.exe
C:\Program Files\EMET\EMET_notifier.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe
C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Eee Pc\Downloads\RSIT(1).exe
C:\Program Files\trend micro\Eee Pc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [autodetect] C:\Windows\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Lingoes] C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe -minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 6905 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default
prefs.js - "browser.startup.homepage" - "http://th.hao123.com/?tn=oc_pay_hp_03_hao123_th"
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\components\
ConsoleAPI.js
nsInputListAutoComplete.js
nsUrlClassifierHashCompleter.js
PlacesCategoriesStarter.js
TelemetryPing.js
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\
{9d1f059c-cada-4111-9696-41a62d64e3ba}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-05-02 436600]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-04-19 142104]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-04-19 174360]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-04-19 150808]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-05-23 10082920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RemoteControl11"=C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe [2011-11-21 234792]
"HotkeyMon"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 548744]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2014-05-28 310064]
"autodetect"=C:\Windows\system32\SupportAppXL\AutoDect.exe [2010-12-27 129872]
"EMET Notifier"=C:\Program Files\EMET\EMET_notifier.exe [2012-05-09 152152]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-06-07 3890208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2014-05-28 843568]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2014-05-28 1563440]
""=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2014-05-28 843568]
"Lingoes"=C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe [2013-03-30 2506752]
C:\Users\Eee Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-04-11 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.ACDV"=ACDV.dll
"msacm.divxa32"=msaud32_divx.acm
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-06-13 13:37:11 ----D---- C:\Users\Eee Pc\AppData\Roaming\Malwarebytes
2014-06-13 13:36:03 ----D---- C:\ProgramData\Malwarebytes
2014-06-13 01:19:10 ----A---- C:\Windows\system32\sqlite3.dll
2014-06-13 01:17:19 ----D---- C:\AdwCleaner
2014-06-12 18:40:19 ----A---- C:\Windows\system32\rdpcorets.dll
2014-06-12 18:40:18 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 18:17:02 ----A---- C:\Toolbox.exe
2014-06-12 18:17:02 ----A---- C:\readme.txt
2014-06-12 18:16:56 ----AD---- C:\tools
2014-06-12 18:16:56 ----AD---- C:\logo
2014-06-11 15:13:04 ----D---- C:\Program Files\Mozilla Firefox
2014-06-10 03:58:30 ----D---- C:\Users\Eee Pc\AppData\Roaming\PhotoFiltre 7
2014-06-10 03:58:21 ----D---- C:\Program Files\PhotoFiltre 7
2014-06-10 02:04:30 ----ASH---- C:\pagefile.sys
2014-06-08 03:03:38 ----D---- C:\ProgramData\GRETECH
2014-06-02 16:12:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 12:32:47 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 12:32:41 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 12:31:30 ----A---- C:\Windows\system32\aepdu.dll
2014-05-15 12:31:29 ----A---- C:\Windows\system32\aeinv.dll
2014-05-15 12:31:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2014-05-15 12:31:20 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 12:31:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 12:31:19 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 12:31:18 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 12:31:18 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 12:31:17 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 12:31:16 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 12:31:16 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 12:31:15 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 12:31:14 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 12:31:14 ----A---- C:\Windows\system32\adprovider.dll
2014-05-15 12:31:13 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 12:31:13 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 12:31:13 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 12:31:12 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 12:31:12 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 12:31:12 ----A---- C:\Windows\system32\credssp.dll
2014-05-15 12:31:11 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 12:31:11 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 12:28:59 ----A---- C:\Windows\system32\shell32.dll
======List of files/folders modified in the last 1 month======
2014-06-14 18:37:39 ----D---- C:\Windows\Prefetch
2014-06-14 18:37:30 ----D---- C:\Program Files\trend micro
2014-06-14 18:37:29 ----D---- C:\Windows\Temp
2014-06-14 18:01:21 ----D---- C:\Windows\system32\config
2014-06-14 17:56:56 ----RD---- C:\Program Files
2014-06-14 17:56:56 ----D---- C:\Windows\system32\drivers
2014-06-14 17:48:50 ----D---- C:\Users\Eee Pc\AppData\Roaming\Dropbox
2014-06-14 17:47:50 ----D---- C:\Users\Eee Pc\AppData\Roaming\DropboxMaster
2014-06-14 17:44:43 ----RSD---- C:\Windows\Media
2014-06-14 13:39:45 ----D---- C:\Windows\system32\catroot2
2014-06-13 13:36:03 ----HD---- C:\ProgramData
2014-06-13 01:19:10 ----D---- C:\Windows\System32
2014-06-12 18:54:48 ----D---- C:\Windows\system32\MRT
2014-06-12 18:45:00 ----D---- C:\Windows\debug
2014-06-12 18:44:44 ----A---- C:\Windows\system32\MRT.exe
2014-06-12 18:43:27 ----D---- C:\Windows\winsxs
2014-06-12 18:40:31 ----D---- C:\Windows\system32\catroot
2014-06-12 13:51:42 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-06-12 01:08:38 ----D---- C:\Users\Eee Pc\AppData\Roaming\uTorrent
2014-06-11 01:59:38 ----D---- C:\Users\Eee Pc\AppData\Roaming\Skype
2014-06-09 20:44:37 ----D---- C:\Windows\Microsoft.NET
2014-06-09 17:11:21 ----D---- C:\Windows\system32\DriverStore
2014-06-09 17:11:20 ----D---- C:\Windows\inf
2014-06-08 03:06:20 ----D---- C:\Users\Eee Pc\AppData\Roaming\Media Player Classic
2014-06-07 20:48:26 ----SHD---- C:\System Volume Information
2014-06-07 18:34:04 ----D---- C:\Windows
2014-06-07 18:22:49 ----D---- C:\Windows\Panther
2014-06-07 18:22:43 ----D---- C:\Windows\Logs
2014-06-07 18:22:42 ----D---- C:\Windows\Minidump
2014-06-07 17:19:20 ----D---- C:\Windows\system32\Tasks
2014-06-07 17:19:16 ----D---- C:\Users\Eee Pc\AppData\Roaming\Maxthon3
2014-06-07 16:56:54 ----D---- C:\Windows\Tasks
2014-06-02 15:56:37 ----D---- C:\Windows\system32\Macromed
2014-06-02 02:07:07 ----D---- C:\Users\Eee Pc\AppData\Roaming\vlc
2014-05-15 14:22:58 ----D---- C:\Windows\rescache
2014-05-15 13:24:18 ----RSD---- C:\Windows\assembly
2014-05-15 13:04:20 ----SD---- C:\Windows\system32\CompatTel
2014-05-15 13:04:19 ----D---- C:\Windows\system32\en-US
2014-05-15 12:36:05 ----SHD---- C:\Windows\Installer
2014-05-15 12:16:00 ----D---- C:\Program Files\Common Files\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-05-02 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-05-02 180632]
R0 Bhbase;Baidu Hook Base; C:\Windows\System32\drivers\Bhbase.sys [2013-09-03 47456]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-05-02 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-05-16 777488]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-05-16 411680]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-06 242240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/28 15:02:27]; \??\C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-11-16 77296]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-05-02 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-05-02 67824]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-05-16 68312]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
R2 ntk_PowerDVD;ntk_PowerDVD; \??\C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-11-21 71664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2011-06-27 2191872]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2013-05-22 37344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-04-11 4815872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-05-17 3499752]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BprotectEx;Baidu ProtectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-10-18 9216]
S3 PCFApiUtil;PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-08-21 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 153672]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-10-18 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-10-18 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2010-10-18 105088]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-19 65432]
R2 AsusService;Asus Launcher Service; C:\Windows\System32\AsusService.exe [2009-08-18 219136]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-05-02 50344]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-11-21 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-11-11 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-11-11 292136]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2013-05-22 233472]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 108032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-11 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-09-16 529744]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: Preventivka
Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kód: Vybrat vše
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Preventivka
Obcas se to stane, ze OTL tuhle chybku vyhodi 
Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem
Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem
Kód: Vybrat vše
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /sPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Stardust
- Vzorný návštěvník
- Příspěvky: 43
- Registrován: 08 lis 2007 07:59
- Bydliště: (problém) mezi křeslem a klávesnicí
Re: Preventivka
OTL logfile created on: 15.6.2014 14:04:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eee Pc\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
1014,18 Mb Total Physical Memory | 363,94 Mb Available Physical Memory | 35,89% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,79% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 123,87 Gb Total Space | 29,10 Gb Free Space | 23,49% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 249,10 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Computer Name: EEEPC-PC | User Name: Eee Pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.06.14 19:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eee Pc\Desktop\OTL.exe
PRC - [2014.06.11 15:15:17 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.06.07 01:56:09 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
PRC - [2014.06.03 00:17:54 | 000,847,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
PRC - [2014.05.28 12:00:48 | 000,310,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014.05.28 12:00:32 | 001,563,440 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2014.05.20 07:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014.05.02 01:55:27 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013.12.19 01:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.22 18:34:24 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2013.03.30 00:41:46 | 002,506,752 | ---- | M] (Lingoes Project) -- C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe
PRC - [2012.11.23 09:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.05.09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2011.11.21 16:11:16 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011.11.21 16:11:14 | 000,083,240 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.11.11 19:16:16 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011.11.11 19:16:14 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.10.10 12:55:04 | 000,085,344 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2011.02.25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.27 11:01:32 | 000,129,872 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
PRC - [2010.08.04 16:17:26 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.06.10 15:57:18 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010.04.07 13:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009.09.11 11:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
========== Modules (No Company Name) ==========
MOD - [2014.06.15 13:15:22 | 000,043,008 | ---- | M] () -- c:\Users\Eee Pc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_tsav.dll
MOD - [2014.06.11 15:15:12 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.06.09 20:44:26 | 014,993,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\88c30f838ad0171abbb8852dd688e860\Kies.Theme.ni.dll
MOD - [2014.06.09 20:43:46 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\00f6f1179928ae35c4ac9db513e30206\Kies.Common.AllShare.ni.dll
MOD - [2014.06.09 20:42:49 | 002,199,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\fd5241c392983d352451e31a4df4ecea\Kies.Common.Multimedia.ni.dll
MOD - [2014.06.09 20:42:38 | 000,186,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\ed1197fe02762518125a11bcbaf4aec8\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2014.06.09 19:17:19 | 000,316,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\d74770a913a115a33d571e6f8f7ec2c9\Kies.Common.Util.ni.dll
MOD - [2014.06.09 19:17:17 | 001,738,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\879a2f948ca5a06908f1977372fb4f83\Kies.Locale.ni.dll
MOD - [2014.06.09 19:17:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d514a508ff489131cfacd7b64e9575a4\Kies.MVVM.ni.dll
MOD - [2014.06.09 19:17:14 | 001,865,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\de83f360e8e92e77c6157948ccce5344\Kies.UI.ni.dll
MOD - [2014.06.09 19:17:08 | 001,331,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\d4d0908d80e428b6c65a7921985efea8\Kies.Interface.ni.dll
MOD - [2014.06.09 19:17:04 | 002,140,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\0e1210614ddbb8aa9a3892bedb6412f6\Kies.ni.exe
MOD - [2014.05.15 12:35:40 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014.02.12 13:05:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.12 13:04:50 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.12 13:03:05 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.12 13:02:40 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014.02.12 11:57:33 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
MOD - [2014.02.12 11:30:59 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.02.12 11:28:59 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.02.12 11:26:16 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.02.12 11:23:05 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.02.12 11:21:54 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.02.12 11:20:57 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.02.12 11:20:39 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.02.12 11:19:46 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.02.12 11:19:33 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.02.12 11:18:41 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014.01.03 08:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.11.30 17:54:28 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2013.08.24 02:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.03.30 01:05:20 | 000,335,872 | ---- | M] () -- C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\OpenText32.dll
MOD - [2010.12.27 11:01:32 | 000,129,872 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
MOD - [2005.10.07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2014.06.11 15:15:13 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.05.02 01:55:27 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014.03.06 14:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.12.19 01:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.27 11:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.22 18:34:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2012.09.16 09:14:34 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.21 16:11:14 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.11.11 19:16:16 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.11.11 19:16:14 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.10.10 12:55:04 | 000,085,344 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2009.08.18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys -- (PCFApiUtil)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BprotectEx.sys -- (BprotectEx)
DRV - [2014.05.16 01:56:06 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014.05.16 01:56:05 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014.05.16 01:56:05 | 000,068,312 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014.05.02 01:55:36 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014.05.02 01:55:35 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014.05.02 01:55:35 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014.05.02 01:55:35 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014.05.02 01:55:35 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2013.09.03 18:59:02 | 000,047,456 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2013.08.21 11:31:26 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2013.08.21 11:31:26 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2013.08.21 11:31:26 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2013.05.22 18:34:26 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013.04.06 13:28:23 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.08.23 21:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 21:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.11.21 16:11:15 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2011.11.16 11:00:00 | 000,077,296 | ---- | M] (CyberLink Corp.) [2012/05/28 15:02:27] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.07.06 22:14:42 | 000,089,376 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011.06.27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.11.20 16:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.18 16:20:02 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.10.18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.10.18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.10.18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.05.10 17:28:14 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.12.30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009.07.20 17:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 06:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 06:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 77 8F 8C 9C 3C CD 01 [binary data]
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://th.hao123.com/?tn=oc_pay_hp_03_hao123_th"
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014.05.02 01:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.06.11 15:14:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.06.11 15:14:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Eee Pc\AppData\Roaming\IDM\idmmzcc5 [2012.05.28 15:11:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.06.11 15:14:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.06.11 15:14:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Eee Pc\AppData\Roaming\IDM\idmmzcc5 [2012.05.28 15:11:36 | 000,000,000 | ---D | M]
[2012.05.28 16:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Extensions
[2014.06.06 17:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions
[2014.02.16 00:27:18 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2012.10.01 19:27:52 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\check-compatibility@dactyl.googlecode.com.xpi
[2014.05.28 02:17:42 | 000,220,258 | ---- | M] () (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2014.04.02 17:15:48 | 000,033,235 | ---- | M] () (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2014.06.06 17:45:14 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.06.11 15:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.06.11 15:15:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.06.11 15:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\en-US\locale\en-US\mozapps\extensions
[2014.06.11 15:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\content\mozapps\extensions
[2014.06.11 15:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\aero\mozapps\extensions
[2014.06.11 15:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\mozapps\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://th.hao123.com/?tn=oc_pay_hp_03_hao123_th
CHR - plugin: First user (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.05.28 15:10:29 | 000,000,867 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [autodetect] C:\Windows\System32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [Lingoes] C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe (Lingoes Project)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Eee Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F7605BC-E978-497B-9B4F-BDA1CA8EE6CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBD53D56-0749-4274-A847-60D587087CD7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{719ab213-e94b-11e1-ad5f-14dae923181a}\Shell - "" = AutoRun
O33 - MountPoints2\{719ab213-e94b-11e1-ad5f-14dae923181a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eee Pc\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
1014,18 Mb Total Physical Memory | 363,94 Mb Available Physical Memory | 35,89% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,79% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 123,87 Gb Total Space | 29,10 Gb Free Space | 23,49% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 249,10 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Computer Name: EEEPC-PC | User Name: Eee Pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.06.14 19:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eee Pc\Desktop\OTL.exe
PRC - [2014.06.11 15:15:17 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.06.07 01:56:09 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
PRC - [2014.06.03 00:17:54 | 000,847,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
PRC - [2014.05.28 12:00:48 | 000,310,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014.05.28 12:00:32 | 001,563,440 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2014.05.20 07:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014.05.02 01:55:27 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013.12.19 01:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.22 18:34:24 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2013.03.30 00:41:46 | 002,506,752 | ---- | M] (Lingoes Project) -- C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe
PRC - [2012.11.23 09:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.05.09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2011.11.21 16:11:16 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011.11.21 16:11:14 | 000,083,240 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.11.11 19:16:16 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011.11.11 19:16:14 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.10.10 12:55:04 | 000,085,344 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2011.02.25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.27 11:01:32 | 000,129,872 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
PRC - [2010.08.04 16:17:26 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.06.10 15:57:18 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010.04.07 13:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009.09.11 11:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
========== Modules (No Company Name) ==========
MOD - [2014.06.15 13:15:22 | 000,043,008 | ---- | M] () -- c:\Users\Eee Pc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_tsav.dll
MOD - [2014.06.11 15:15:12 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.06.09 20:44:26 | 014,993,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\88c30f838ad0171abbb8852dd688e860\Kies.Theme.ni.dll
MOD - [2014.06.09 20:43:46 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\00f6f1179928ae35c4ac9db513e30206\Kies.Common.AllShare.ni.dll
MOD - [2014.06.09 20:42:49 | 002,199,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\fd5241c392983d352451e31a4df4ecea\Kies.Common.Multimedia.ni.dll
MOD - [2014.06.09 20:42:38 | 000,186,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\ed1197fe02762518125a11bcbaf4aec8\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2014.06.09 19:17:19 | 000,316,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\d74770a913a115a33d571e6f8f7ec2c9\Kies.Common.Util.ni.dll
MOD - [2014.06.09 19:17:17 | 001,738,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\879a2f948ca5a06908f1977372fb4f83\Kies.Locale.ni.dll
MOD - [2014.06.09 19:17:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d514a508ff489131cfacd7b64e9575a4\Kies.MVVM.ni.dll
MOD - [2014.06.09 19:17:14 | 001,865,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\de83f360e8e92e77c6157948ccce5344\Kies.UI.ni.dll
MOD - [2014.06.09 19:17:08 | 001,331,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\d4d0908d80e428b6c65a7921985efea8\Kies.Interface.ni.dll
MOD - [2014.06.09 19:17:04 | 002,140,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\0e1210614ddbb8aa9a3892bedb6412f6\Kies.ni.exe
MOD - [2014.05.15 12:35:40 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014.02.12 13:05:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.12 13:04:50 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.12 13:03:05 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.12 13:02:40 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014.02.12 11:57:33 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
MOD - [2014.02.12 11:30:59 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.02.12 11:28:59 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.02.12 11:26:16 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.02.12 11:23:05 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.02.12 11:21:54 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.02.12 11:20:57 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.02.12 11:20:39 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.02.12 11:19:46 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.02.12 11:19:33 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.02.12 11:18:41 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014.01.03 08:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.11.30 17:54:28 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2013.08.24 02:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.03.30 01:05:20 | 000,335,872 | ---- | M] () -- C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\OpenText32.dll
MOD - [2010.12.27 11:01:32 | 000,129,872 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
MOD - [2005.10.07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2014.06.11 15:15:13 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.05.02 01:55:27 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014.03.06 14:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.12.19 01:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.27 11:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.22 18:34:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2012.09.16 09:14:34 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.21 16:11:14 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.11.11 19:16:16 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.11.11 19:16:14 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.10.10 12:55:04 | 000,085,344 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2009.08.18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys -- (PCFApiUtil)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BprotectEx.sys -- (BprotectEx)
DRV - [2014.05.16 01:56:06 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014.05.16 01:56:05 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014.05.16 01:56:05 | 000,068,312 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014.05.02 01:55:36 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014.05.02 01:55:35 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014.05.02 01:55:35 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014.05.02 01:55:35 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014.05.02 01:55:35 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2013.09.03 18:59:02 | 000,047,456 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2013.08.21 11:31:26 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2013.08.21 11:31:26 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2013.08.21 11:31:26 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2013.05.22 18:34:26 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013.04.06 13:28:23 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.08.23 21:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 21:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.11.21 16:11:15 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2011.11.16 11:00:00 | 000,077,296 | ---- | M] (CyberLink Corp.) [2012/05/28 15:02:27] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.07.06 22:14:42 | 000,089,376 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011.06.27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.11.20 16:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.18 16:20:02 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.10.18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.10.18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.10.18 14:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.05.10 17:28:14 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.12.30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009.07.20 17:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 06:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 06:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 77 8F 8C 9C 3C CD 01 [binary data]
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2516053383-474250546-561759448-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://th.hao123.com/?tn=oc_pay_hp_03_hao123_th"
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014.05.02 01:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.06.11 15:14:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.06.11 15:14:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Eee Pc\AppData\Roaming\IDM\idmmzcc5 [2012.05.28 15:11:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.06.11 15:14:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.06.11 15:14:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Eee Pc\AppData\Roaming\IDM\idmmzcc5 [2012.05.28 15:11:36 | 000,000,000 | ---D | M]
[2012.05.28 16:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Extensions
[2014.06.06 17:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions
[2014.02.16 00:27:18 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2012.10.01 19:27:52 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\check-compatibility@dactyl.googlecode.com.xpi
[2014.05.28 02:17:42 | 000,220,258 | ---- | M] () (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2014.04.02 17:15:48 | 000,033,235 | ---- | M] () (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2014.06.06 17:45:14 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Eee Pc\AppData\Roaming\Mozilla\Firefox\Profiles\xjjuqil0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.06.11 15:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.06.11 15:15:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.06.11 15:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\en-US\locale\en-US\mozapps\extensions
[2014.06.11 15:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\content\mozapps\extensions
[2014.06.11 15:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\aero\mozapps\extensions
[2014.06.11 15:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\mozapps\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://th.hao123.com/?tn=oc_pay_hp_03_hao123_th
CHR - plugin: First user (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\Eee Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.05.28 15:10:29 | 000,000,867 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [autodetect] C:\Windows\System32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2516053383-474250546-561759448-1000..\Run: [Lingoes] C:\Users\Eee Pc\AppData\Local\Lingoes\Translator\lingoes-us\Lingoes.exe (Lingoes Project)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Eee Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F7605BC-E978-497B-9B4F-BDA1CA8EE6CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBD53D56-0749-4274-A847-60D587087CD7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{719ab213-e94b-11e1-ad5f-14dae923181a}\Shell - "" = AutoRun
O33 - MountPoints2\{719ab213-e94b-11e1-ad5f-14dae923181a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
-
Stardust
- Vzorný návštěvník
- Příspěvky: 43
- Registrován: 08 lis 2007 07:59
- Bydliště: (problém) mezi křeslem a klávesnicí
Re: Preventivka
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.06.14 19:44:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eee Pc\Desktop\OTL.exe
[2014.06.13 13:37:11 | 000,000,000 | ---D | C] -- C:\Users\Eee Pc\AppData\Roaming\Malwarebytes
[2014.06.13 13:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.06.13 01:19:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.06.13 01:17:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.06.12 18:40:19 | 002,742,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2014.06.12 18:40:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2014.06.12 18:17:02 | 000,307,032 | ---- | C] (IObit) -- C:\Toolbox.exe
[2014.06.12 18:16:56 | 000,000,000 | ---D | C] -- C:\tools
[2014.06.12 18:16:56 | 000,000,000 | ---D | C] -- C:\logo
[2014.06.11 15:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.06.10 03:58:30 | 000,000,000 | ---D | C] -- C:\Users\Eee Pc\AppData\Roaming\PhotoFiltre 7
[2014.06.10 03:58:25 | 000,000,000 | ---D | C] -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[2014.06.10 03:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[2014.06.10 03:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre 7
[2014.06.08 03:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\GRETECH
[2014.06.07 16:55:47 | 000,000,000 | ---D | C] -- C:\Users\Eee Pc\AppData\Local\Flock
[2014.06.02 23:57:47 | 000,000,000 | -HSD | C] -- C:\Users\Eee Pc\AppData\Local\EmieUserList
[2014.06.02 23:57:47 | 000,000,000 | -HSD | C] -- C:\Users\Eee Pc\AppData\Local\EmieSiteList
[2014.06.02 16:12:39 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.06.02 16:12:38 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files - Modified Within 30 Days ==========
[2014.06.15 14:12:48 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.15 14:11:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.06.15 13:24:07 | 000,011,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.15 13:24:07 | 000,011,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.15 13:15:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.06.15 13:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.15 13:14:18 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.14 19:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eee Pc\Desktop\OTL.exe
[2014.06.13 01:14:45 | 001,333,465 | ---- | M] () -- C:\Users\Eee Pc\Desktop\adwcleaner_3.212.exe
[2014.06.10 03:58:26 | 000,001,020 | ---- | M] () -- C:\Users\Eee Pc\Desktop\PhotoFiltre 7.lnk
[2014.06.09 17:11:56 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2014.06.08 03:03:15 | 000,001,179 | ---- | M] () -- C:\Users\Eee Pc\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2014.06.08 03:03:15 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2014.06.07 18:40:06 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.06.07 18:40:05 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.05.25 13:49:21 | 000,001,012 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.05.25 13:48:43 | 000,000,982 | ---- | M] () -- C:\Users\Eee Pc\Desktop\Dropbox.lnk
========== Files Created - No Company Name ==========
[2014.06.14 19:55:48 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.06.13 01:14:25 | 001,333,465 | ---- | C] () -- C:\Users\Eee Pc\Desktop\adwcleaner_3.212.exe
[2014.06.10 03:58:26 | 000,001,020 | ---- | C] () -- C:\Users\Eee Pc\Desktop\PhotoFiltre 7.lnk
[2014.05.02 01:55:41 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2013.07.16 11:09:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.07.16 11:09:41 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013.03.11 23:40:11 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.03.11 23:40:09 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012.07.25 12:00:18 | 001,129,312 | ---- | C] () -- C:\Windows\System32\602convert.dll
[2012.07.10 11:20:51 | 000,686,425 | ---- | C] () -- C:\Windows\unins000.exe
[2012.07.10 11:20:51 | 000,039,320 | ---- | C] () -- C:\Windows\unins000.dat
[2012.06.01 11:04:41 | 000,000,976 | ---- | C] () -- C:\Users\Eee Pc\AppData\Local\SRDownloader.nast
========== ZeroAccess Check ==========
[2009.07.14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 09:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 19:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 08:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.08.21 21:28:15 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\.minecraft
[2013.03.16 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\602Installer
[2013.03.16 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\602XML
[2012.09.19 15:46:13 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\ACD Systems
[2013.05.23 16:32:18 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Audacity
[2013.11.30 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\AVAST Software
[2013.12.30 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Baidu Security
[2013.07.05 00:14:48 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DAEMON Tools Lite
[2012.06.01 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DMCache
[2014.06.15 13:16:26 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Dropbox
[2014.06.15 13:15:42 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DropboxMaster
[2013.03.19 19:33:16 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\FireShot
[2012.07.22 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\GHISLER
[2012.08.10 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\IDM
[2014.06.07 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Maxthon3
[2013.06.26 07:21:40 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Oracle
[2014.06.10 04:06:58 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\PhotoFiltre 7
[2012.06.10 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\qs
[2013.07.16 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Samsung
[2013.10.02 16:32:32 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Thai2English
[2014.06.12 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 11:53:46 | 000,032,644 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 11:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.06.13 19:09:14 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.06.13 19:09:15 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 08:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 19:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 19:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 06:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 15:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 15:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 15:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011.02.26 12:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 08:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 12:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 12:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 12:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 19:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 12:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 12:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 13:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010.11.20 19:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 19:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 08:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 08:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 19:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 19:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 08:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 08:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 11:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2012.08.23 00:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 11:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 08:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 12:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 19:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013.01.04 11:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013.07.06 12:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013.07.06 11:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2012.03.30 17:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2013.05.08 13:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2013.09.07 09:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 13:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 12:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012.03.30 17:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 11:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 16:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012.08.23 00:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2013.01.04 11:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2013.09.08 09:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\System32\drivers\tcpip.sys
[2013.09.08 09:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013.05.08 12:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012.10.03 23:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013.11.26 18:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012.10.03 23:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012.03.30 17:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 19:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 19:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 08:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 13:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 12:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 19:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 08:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014.03.04 16:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\System32\winlogon.exe
[2014.03.04 16:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 17:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
< >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< %systemroot%*.* /U /s >
[12 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2011.03.09 17:23:36 | 000,307,032 | ---- | M] (IObit) -- C:\Toolbox.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.08.21 21:28:15 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\.minecraft
[2013.03.16 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\602Installer
[2013.03.16 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\602XML
[2012.09.19 15:46:13 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\ACD Systems
[2012.06.28 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Adobe
[2013.05.23 16:32:18 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Audacity
[2013.11.30 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\AVAST Software
[2013.12.30 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Baidu Security
[2012.05.28 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\CyberLink
[2013.07.05 00:14:48 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DAEMON Tools Lite
[2012.06.01 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DMCache
[2014.06.15 13:16:26 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Dropbox
[2014.06.15 13:15:42 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DropboxMaster
[2013.03.19 19:33:16 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\FireShot
[2012.07.22 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\GHISLER
[2013.03.02 19:35:59 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\GRETECH
[2012.05.28 13:28:51 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Identities
[2012.08.10 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\IDM
[2012.05.28 13:50:31 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Macromedia
[2014.06.13 13:37:11 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Malwarebytes
[2014.06.07 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Maxthon3
[2014.06.08 03:06:20 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Media Player Classic
[2013.04.06 13:30:24 | 000,000,000 | --SD | M] -- C:\Users\Eee Pc\AppData\Roaming\Microsoft
[2012.05.28 16:49:13 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Mozilla
[2013.04.06 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Nero
[2013.06.26 07:21:40 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Oracle
[2014.06.10 04:06:58 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\PhotoFiltre 7
[2012.06.10 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\qs
[2013.07.16 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Samsung
[2014.06.11 01:59:38 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Skype
[2013.10.02 16:32:32 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Thai2English
[2014.06.12 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\uTorrent
[2014.06.02 02:07:07 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\vlc
< %APPDATA%\*.exe /s >
[2014.05.20 07:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.05.20 07:47:16 | 000,244,368 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014.05.20 07:45:26 | 000,143,648 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2007.03.22 17:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2012.12.12 21:33:40 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2012.12.12 21:33:41 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2012.12.12 21:33:41 | 000,008,854 | R--- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2012.09.18 23:49:02 | 000,041,439 | R--- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}\_4D69E3CD100D782CD01439.exe
[2012.09.18 23:49:02 | 000,041,439 | R--- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}\_853F67D554F05449430E7E.exe
[2012.09.18 23:49:02 | 000,010,134 | R--- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}\_9A017C9EDA4365E39E44AF.exe
[2010.04.26 03:08:43 | 000,342,365 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Nero\Uninstall.exe
[2014.02.03 20:56:40 | 001,564,992 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2014.02.03 20:56:42 | 000,559,936 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAgent.exe
[2014.02.03 20:56:46 | 000,277,824 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2014.02.03 20:56:44 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2014.02.03 20:48:44 | 000,173,568 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2014.02.03 20:50:36 | 000,352,768 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2014.02.03 20:49:28 | 000,697,344 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2014.02.03 20:56:48 | 000,067,904 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2014.02.03 20:57:00 | 000,065,856 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\RegisterCOM.exe
[2014.01.23 16:22:36 | 000,055,296 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AdminDelegator.exe
[2014.01.23 16:22:36 | 000,082,944 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2014.01.23 16:22:36 | 000,071,680 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2014.02.03 20:56:52 | 000,845,120 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2014.02.03 20:56:54 | 003,835,040 | ---- | M] (Freeware) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2014.02.03 20:56:56 | 000,624,448 | ---- | M] (ml) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
[2013.11.25 18:05:04 | 015,369,584 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2014.05.28 12:00:32 | 001,563,440 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2014.05.28 12:00:40 | 000,558,384 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAgent.exe
[2014.04.30 17:44:08 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAirMessage.exe
[2014.05.28 12:00:54 | 000,276,272 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2014.05.28 12:00:48 | 000,310,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2014.05.28 11:51:12 | 000,173,568 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2014.05.28 11:53:02 | 000,352,768 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2014.05.28 11:52:02 | 000,698,368 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2014.05.28 12:01:02 | 000,066,352 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2014.05.28 12:01:34 | 000,064,304 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\RegisterCOM.exe
[2014.05.22 12:57:28 | 000,061,016 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AdminDelegator.exe
[2014.05.22 12:57:28 | 000,088,664 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2014.05.22 12:57:30 | 000,077,392 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2014.05.28 12:01:10 | 000,843,568 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2014.05.28 12:01:18 | 003,833,488 | ---- | M] (Freeware) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2014.05.28 12:01:26 | 000,622,896 | ---- | M] (ml) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Updater\Kies.Update.exe
[2014.05.27 15:56:14 | 016,005,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2014.02.03 20:56:56 | 000,624,448 | ---- | M] (ml) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2014.05.28 12:01:26 | 000,622,896 | ---- | M] (ml) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2014.01.31 02:25:02 | 000,905,296 | ---- | M] (BitTorrent Inc.) -- C:\Users\Eee Pc\AppData\Roaming\uTorrent\uTorrent.exe
[2014.01.31 02:22:48 | 000,905,296 | ---- | M] (BitTorrent Inc.) -- C:\Users\Eee Pc\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014.06.15 13:15:13 | 000,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.06.15 14:12:48 | 000,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.06.15 13:24:07 | 000,011,360 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.15 13:24:07 | 000,011,360 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.12 18:44:44 | 092,708,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MRT.exe
< %SYSTEMDRIVE%\*.exe >
[2011.03.09 17:23:36 | 000,307,032 | ---- | M] (IObit) -- C:\Toolbox.exe
< >
< *crack* /s >
[2012.11.15 00:54:50 | 000,686,728 | ---- | M] () -- \Users\Eee Pc\Downloads\cbsidlm-cbsi5_2_0_83-RAR_Password_Cracker-SEO2-10127912.exe
[1994.09.30 19:05:38 | 000,006,101 | ---- | M] () -- \Users\Eee Pc\Downloads\mortal-kombat-2\Mortal Kombat 2\FX\SKCRACK1.U8
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2014.05.02 01:55:26 | 000,072,480 | ---- | M] () -- \Program Files\Alwil Software\Avast5\aswWrcIELoader32.exe
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2006.10.26 13:45:02 | 000,061,440 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader80.dll
[2006.10.26 13:45:02 | 000,004,608 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader80.tlb
[2011.11.21 16:11:15 | 000,000,035 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\ComLoader.ini
[2011.11.21 18:02:12 | 000,124,200 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Common\Koan\pyloader.dll
[2011.11.21 16:11:05 | 000,002,830 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Customizations\Generic\Style\Cascade\Media\Standard\SlideBar\ProgressLoader.png
[2011.11.10 18:04:52 | 000,028,126 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PK\subsys\PyImpLoader\PyImpLoader.kc
[2011.11.10 18:04:52 | 000,120,104 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PK\subsys\PyImpLoader\_PyImpLoader.pyd
[2011.11.29 20:14:56 | 000,012,088 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\mm\MediaCtrl\ImageLoader.kc
[2011.11.29 20:14:58 | 000,002,692 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\Presentation\Common\D3D9Loader.kc
[2011.08.16 17:03:40 | 000,012,022 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cox\mm\MediaCtrl\ImageLoader.kc
[2011.11.21 16:11:19 | 000,001,731 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\System\FlvLoader.swf
[2011.11.21 16:11:20 | 000,001,949 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\System\KernelCtrl\D3D9Loader.kc
[2011.11.21 16:11:20 | 000,056,487 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\System\KernelCtrl\ImageLoader2.kc
[2011.11.21 16:11:21 | 000,004,045 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Widget\langloader.kc
[2011.11.21 16:11:21 | 000,014,262 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Widget\layoutloader.kc
[2014.02.14 09:52:42 | 000,076,088 | ---- | M] () -- \Program Files\Maxthon\Bin\MxAppLoader.exe
[2014.05.28 16:09:50 | 000,667,960 | ---- | M] () -- \Program Files\Maxthon\Bin\MxDownloader.dll
[2014.02.19 13:54:52 | 000,086,768 | ---- | M] () -- \Program Files\Maxthon\Core\Webkit\Npplugins\gameloader.exe
[2010.01.01 00:00:00 | 000,002,063 | ---- | M] () -- \Program Files\Mozilla Firefox\chrome\browser\content\browser\safebrowsing\sb-loader.js
[2014.05.28 11:58:50 | 000,069,120 | ---- | M] () -- \Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2012.08.31 07:52:20 | 000,183,736 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2008.02.05 20:10:04 | 000,001,737 | ---- | M] () -- \Program Files\Thai2English\img\ajax-loader.gif
[2005.06.07 12:25:46 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2013.05.04 16:47:38 | 000,000,072 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader Help.url
[2013.05.04 16:47:38 | 000,002,191 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk
[2012.01.31 23:01:14 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.01.31 23:01:14 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013.05.04 16:47:38 | 000,000,072 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader Help.url
[2013.05.04 16:47:38 | 000,002,191 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk
[2012.01.31 23:01:14 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.01.31 23:01:14 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.06.01 11:42:20 | 000,000,976 | ---- | M] () -- \Users\Eee Pc\AppData\Local\SRDownloader.nast
[2013.04.06 13:30:33 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2013.04.06 13:30:34 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2013.04.06 13:30:35 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2013.04.06 13:30:36 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2013.04.06 13:30:36 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2013.04.06 13:30:37 | 000,061,770 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2013.04.06 13:30:38 | 000,061,770 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2014.06.10 01:34:38 | 000,155,397 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1I3DH3IK\loader[1].js
[2014.06.08 16:17:39 | 000,013,640 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ED0X8HF6\pixelloader[1].swf
[2014.06.08 21:30:54 | 000,020,597 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HEN2M9CZ\preloader[1].swf
[2014.06.08 23:47:09 | 000,020,597 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HEN2M9CZ\preloader[2].swf
[2014.06.12 01:12:37 | 000,029,572 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LYPDQCCI\27226781_20140401130934320_featured_video_970x250_expandable_loader[1].swf
[2014.06.08 17:35:13 | 000,002,830 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWM6SVHY\RmsLoader[1].js
[2014.06.10 01:33:28 | 000,061,619 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWM6SVHY\yuiloader-dom-event[1].js
[2014.02.03 20:54:58 | 000,069,120 | ---- | M] () -- \Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2014.05.28 11:58:50 | 000,069,120 | ---- | M] () -- \Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2013.07.16 11:32:29 | 000,003,208 | ---- | M] () -- \Users\Eee Pc\Documents\samsung\Kies\Backup\GT-I9000\GT-I9000\GT-I9000_\GT-I9000_20130716112435\Photo\openfeint\webui\images\loader.gif
[2013.05.04 16:47:37 | 000,001,247 | ---- | M] () -- \Users\Public\Desktop\YTD Video Downloader.lnk
[2012.05.28 14:35:56 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2014.06.09 20:43:36 | 000,188,928 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common4f49951d#\21713bd1a18de3d3a7f32022a9d5fdb8\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
[2014.06.09 20:43:36 | 000,001,892 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common4f49951d#\21713bd1a18de3d3a7f32022a9d5fdb8\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll.aux
[2013.08.02 08:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 08:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 11:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 11:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 11:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 11:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2012.05.30 21:49:14 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2012.05.30 21:49:14 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2012.05.30 21:49:14 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 09:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 09:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 08:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 14:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 14:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 08:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 08:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 08:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 11:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 18:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 23:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 11:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 11:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 11:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.21 00:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 23:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 11:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 11:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 11:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.21 00:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 23:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 11:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 11:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.21 00:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 23:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 11:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 11:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 12:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 17:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 09:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
[2011.11.21 16:11:20 | 000,002,894 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\System\KernelCtrl\Activator.kc
< *serial* /s >
[2005.10.28 15:29:20 | 000,000,592 | ---- | M] () -- \Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\EnumerateSerialPorts.snippet
[2005.10.28 15:29:20 | 000,001,178 | ---- | M] () -- \Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\ReadDatafromaSerialPort.snippet
[2005.10.28 15:29:20 | 000,001,492 | ---- | M] () -- \Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\UseaSerialPorttoDialaPhoneNumber.snippet
[2012.10.05 17:53:23 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.06.11 04:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.10.05 17:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.12 13:05:22 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.12 13:12:13 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.02.12 11:26:23 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.12 11:26:23 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.02.12 11:24:20 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014.02.12 11:24:19 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014.02.12 12:05:54 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014.02.12 12:05:54 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2013.09.11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013.09.11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013.09.11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.09.11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013.09.11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009.06.11 04:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2005.09.23 07:56:56 | 000,008,007 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.xml
[2012.10.05 17:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013.09.11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013.09.11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013.09.11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013.09.11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2009.07.14 08:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 06:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.14 09:09:30 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009.07.14 05:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 06:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.14 05:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 09:10:04 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009.07.14 09:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 09:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009.07.14 11:56:40 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009.07.14 09:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 08:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010.11.20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.06 00:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.06 00:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009.07.14 09:28:14 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012.10.06 00:12:04 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2012.10.06 00:12:20 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2009.07.14 08:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010.11.20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.06 00:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.06 00:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009.07.14 08:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 08:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 08:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010.11.20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.06 00:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.06 00:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.11 04:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.11 04:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010.11.05 08:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 17:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 17:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009.06.11 04:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010.11.05 08:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 17:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 17:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009.07.14 05:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.07.14 09:10:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009.07.14 08:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 09:09:30 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009.07.14 06:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.14 05:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.11 04:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010.11.05 08:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 17:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 17:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
< *w7lxe* /s >
< End of report >
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.06.14 19:44:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eee Pc\Desktop\OTL.exe
[2014.06.13 13:37:11 | 000,000,000 | ---D | C] -- C:\Users\Eee Pc\AppData\Roaming\Malwarebytes
[2014.06.13 13:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.06.13 01:19:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.06.13 01:17:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.06.12 18:40:19 | 002,742,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2014.06.12 18:40:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2014.06.12 18:17:02 | 000,307,032 | ---- | C] (IObit) -- C:\Toolbox.exe
[2014.06.12 18:16:56 | 000,000,000 | ---D | C] -- C:\tools
[2014.06.12 18:16:56 | 000,000,000 | ---D | C] -- C:\logo
[2014.06.11 15:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.06.10 03:58:30 | 000,000,000 | ---D | C] -- C:\Users\Eee Pc\AppData\Roaming\PhotoFiltre 7
[2014.06.10 03:58:25 | 000,000,000 | ---D | C] -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[2014.06.10 03:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[2014.06.10 03:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre 7
[2014.06.08 03:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\GRETECH
[2014.06.07 16:55:47 | 000,000,000 | ---D | C] -- C:\Users\Eee Pc\AppData\Local\Flock
[2014.06.02 23:57:47 | 000,000,000 | -HSD | C] -- C:\Users\Eee Pc\AppData\Local\EmieUserList
[2014.06.02 23:57:47 | 000,000,000 | -HSD | C] -- C:\Users\Eee Pc\AppData\Local\EmieSiteList
[2014.06.02 16:12:39 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.06.02 16:12:38 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files - Modified Within 30 Days ==========
[2014.06.15 14:12:48 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.15 14:11:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.06.15 13:24:07 | 000,011,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.15 13:24:07 | 000,011,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.15 13:15:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.06.15 13:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.15 13:14:18 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.14 19:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eee Pc\Desktop\OTL.exe
[2014.06.13 01:14:45 | 001,333,465 | ---- | M] () -- C:\Users\Eee Pc\Desktop\adwcleaner_3.212.exe
[2014.06.10 03:58:26 | 000,001,020 | ---- | M] () -- C:\Users\Eee Pc\Desktop\PhotoFiltre 7.lnk
[2014.06.09 17:11:56 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2014.06.08 03:03:15 | 000,001,179 | ---- | M] () -- C:\Users\Eee Pc\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2014.06.08 03:03:15 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2014.06.07 18:40:06 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.06.07 18:40:05 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.05.25 13:49:21 | 000,001,012 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.05.25 13:48:43 | 000,000,982 | ---- | M] () -- C:\Users\Eee Pc\Desktop\Dropbox.lnk
========== Files Created - No Company Name ==========
[2014.06.14 19:55:48 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.06.13 01:14:25 | 001,333,465 | ---- | C] () -- C:\Users\Eee Pc\Desktop\adwcleaner_3.212.exe
[2014.06.10 03:58:26 | 000,001,020 | ---- | C] () -- C:\Users\Eee Pc\Desktop\PhotoFiltre 7.lnk
[2014.05.02 01:55:41 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2013.07.16 11:09:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.07.16 11:09:41 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013.03.11 23:40:11 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.03.11 23:40:09 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012.07.25 12:00:18 | 001,129,312 | ---- | C] () -- C:\Windows\System32\602convert.dll
[2012.07.10 11:20:51 | 000,686,425 | ---- | C] () -- C:\Windows\unins000.exe
[2012.07.10 11:20:51 | 000,039,320 | ---- | C] () -- C:\Windows\unins000.dat
[2012.06.01 11:04:41 | 000,000,976 | ---- | C] () -- C:\Users\Eee Pc\AppData\Local\SRDownloader.nast
========== ZeroAccess Check ==========
[2009.07.14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 09:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 19:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 08:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.08.21 21:28:15 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\.minecraft
[2013.03.16 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\602Installer
[2013.03.16 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\602XML
[2012.09.19 15:46:13 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\ACD Systems
[2013.05.23 16:32:18 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Audacity
[2013.11.30 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\AVAST Software
[2013.12.30 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Baidu Security
[2013.07.05 00:14:48 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DAEMON Tools Lite
[2012.06.01 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DMCache
[2014.06.15 13:16:26 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Dropbox
[2014.06.15 13:15:42 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DropboxMaster
[2013.03.19 19:33:16 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\FireShot
[2012.07.22 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\GHISLER
[2012.08.10 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\IDM
[2014.06.07 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Maxthon3
[2013.06.26 07:21:40 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Oracle
[2014.06.10 04:06:58 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\PhotoFiltre 7
[2012.06.10 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\qs
[2013.07.16 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Samsung
[2013.10.02 16:32:32 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Thai2English
[2014.06.12 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 11:53:46 | 000,032,644 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 11:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.06.13 19:09:14 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.06.13 19:09:15 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 08:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 08:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 19:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 19:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 06:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 15:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 15:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 15:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011.02.26 12:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 08:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 12:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 12:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 12:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 19:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 12:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 12:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 13:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2010.11.20 19:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 19:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 08:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 08:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 19:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 19:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 08:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 08:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 11:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2012.08.23 00:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 11:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 08:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 12:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 19:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013.01.04 11:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013.07.06 12:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013.07.06 11:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2012.03.30 17:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2013.05.08 13:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2013.09.07 09:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 13:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 12:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012.03.30 17:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 11:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 16:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012.08.23 00:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2013.01.04 11:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2013.09.08 09:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\System32\drivers\tcpip.sys
[2013.09.08 09:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013.05.08 12:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012.10.03 23:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013.11.26 18:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012.10.03 23:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012.03.30 17:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 19:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 19:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 08:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 13:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 12:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 19:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 08:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014.03.04 16:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\System32\winlogon.exe
[2014.03.04 16:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 17:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
< >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< %systemroot%*.* /U /s >
[12 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2011.03.09 17:23:36 | 000,307,032 | ---- | M] (IObit) -- C:\Toolbox.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.08.21 21:28:15 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\.minecraft
[2013.03.16 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\602Installer
[2013.03.16 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\602XML
[2012.09.19 15:46:13 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\ACD Systems
[2012.06.28 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Adobe
[2013.05.23 16:32:18 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Audacity
[2013.11.30 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\AVAST Software
[2013.12.30 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Baidu Security
[2012.05.28 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\CyberLink
[2013.07.05 00:14:48 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DAEMON Tools Lite
[2012.06.01 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DMCache
[2014.06.15 13:16:26 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Dropbox
[2014.06.15 13:15:42 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\DropboxMaster
[2013.03.19 19:33:16 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\FireShot
[2012.07.22 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\GHISLER
[2013.03.02 19:35:59 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\GRETECH
[2012.05.28 13:28:51 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Identities
[2012.08.10 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\IDM
[2012.05.28 13:50:31 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Macromedia
[2014.06.13 13:37:11 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Malwarebytes
[2014.06.07 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Maxthon3
[2014.06.08 03:06:20 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Media Player Classic
[2013.04.06 13:30:24 | 000,000,000 | --SD | M] -- C:\Users\Eee Pc\AppData\Roaming\Microsoft
[2012.05.28 16:49:13 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Mozilla
[2013.04.06 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Nero
[2013.06.26 07:21:40 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Oracle
[2014.06.10 04:06:58 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\PhotoFiltre 7
[2012.06.10 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\qs
[2013.07.16 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Samsung
[2014.06.11 01:59:38 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Skype
[2013.10.02 16:32:32 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\Thai2English
[2014.06.12 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\uTorrent
[2014.06.02 02:07:07 | 000,000,000 | ---D | M] -- C:\Users\Eee Pc\AppData\Roaming\vlc
< %APPDATA%\*.exe /s >
[2014.05.20 07:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.05.20 07:47:16 | 000,244,368 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014.05.20 07:45:26 | 000,143,648 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eee Pc\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2007.03.22 17:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2012.12.12 21:33:40 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2012.12.12 21:33:41 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2012.12.12 21:33:41 | 000,008,854 | R--- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2012.09.18 23:49:02 | 000,041,439 | R--- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}\_4D69E3CD100D782CD01439.exe
[2012.09.18 23:49:02 | 000,041,439 | R--- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}\_853F67D554F05449430E7E.exe
[2012.09.18 23:49:02 | 000,010,134 | R--- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Microsoft\Installer\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}\_9A017C9EDA4365E39E44AF.exe
[2010.04.26 03:08:43 | 000,342,365 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Nero\Uninstall.exe
[2014.02.03 20:56:40 | 001,564,992 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2014.02.03 20:56:42 | 000,559,936 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAgent.exe
[2014.02.03 20:56:46 | 000,277,824 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2014.02.03 20:56:44 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2014.02.03 20:48:44 | 000,173,568 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2014.02.03 20:50:36 | 000,352,768 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2014.02.03 20:49:28 | 000,697,344 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2014.02.03 20:56:48 | 000,067,904 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2014.02.03 20:57:00 | 000,065,856 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\RegisterCOM.exe
[2014.01.23 16:22:36 | 000,055,296 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AdminDelegator.exe
[2014.01.23 16:22:36 | 000,082,944 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2014.01.23 16:22:36 | 000,071,680 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2014.02.03 20:56:52 | 000,845,120 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2014.02.03 20:56:54 | 003,835,040 | ---- | M] (Freeware) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2014.02.03 20:56:56 | 000,624,448 | ---- | M] (ml) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
[2013.11.25 18:05:04 | 015,369,584 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2014.05.28 12:00:32 | 001,563,440 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2014.05.28 12:00:40 | 000,558,384 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAgent.exe
[2014.04.30 17:44:08 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAirMessage.exe
[2014.05.28 12:00:54 | 000,276,272 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2014.05.28 12:00:48 | 000,310,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2014.05.28 11:51:12 | 000,173,568 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2014.05.28 11:53:02 | 000,352,768 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2014.05.28 11:52:02 | 000,698,368 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2014.05.28 12:01:02 | 000,066,352 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2014.05.28 12:01:34 | 000,064,304 | ---- | M] () -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\RegisterCOM.exe
[2014.05.22 12:57:28 | 000,061,016 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AdminDelegator.exe
[2014.05.22 12:57:28 | 000,088,664 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2014.05.22 12:57:30 | 000,077,392 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2014.05.28 12:01:10 | 000,843,568 | ---- | M] (Samsung) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2014.05.28 12:01:18 | 003,833,488 | ---- | M] (Freeware) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2014.05.28 12:01:26 | 000,622,896 | ---- | M] (ml) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Updater\Kies.Update.exe
[2014.05.27 15:56:14 | 016,005,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2014.02.03 20:56:56 | 000,624,448 | ---- | M] (ml) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2014.05.28 12:01:26 | 000,622,896 | ---- | M] (ml) -- C:\Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2014.01.31 02:25:02 | 000,905,296 | ---- | M] (BitTorrent Inc.) -- C:\Users\Eee Pc\AppData\Roaming\uTorrent\uTorrent.exe
[2014.01.31 02:22:48 | 000,905,296 | ---- | M] (BitTorrent Inc.) -- C:\Users\Eee Pc\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014.06.15 13:15:13 | 000,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.06.15 14:12:48 | 000,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.06.15 13:24:07 | 000,011,360 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.15 13:24:07 | 000,011,360 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.12 18:44:44 | 092,708,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MRT.exe
< %SYSTEMDRIVE%\*.exe >
[2011.03.09 17:23:36 | 000,307,032 | ---- | M] (IObit) -- C:\Toolbox.exe
< >
< *crack* /s >
[2012.11.15 00:54:50 | 000,686,728 | ---- | M] () -- \Users\Eee Pc\Downloads\cbsidlm-cbsi5_2_0_83-RAR_Password_Cracker-SEO2-10127912.exe
[1994.09.30 19:05:38 | 000,006,101 | ---- | M] () -- \Users\Eee Pc\Downloads\mortal-kombat-2\Mortal Kombat 2\FX\SKCRACK1.U8
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2014.05.02 01:55:26 | 000,072,480 | ---- | M] () -- \Program Files\Alwil Software\Avast5\aswWrcIELoader32.exe
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2006.10.26 13:45:02 | 000,061,440 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader80.dll
[2006.10.26 13:45:02 | 000,004,608 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader80.tlb
[2011.11.21 16:11:15 | 000,000,035 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\ComLoader.ini
[2011.11.21 18:02:12 | 000,124,200 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Common\Koan\pyloader.dll
[2011.11.21 16:11:05 | 000,002,830 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Customizations\Generic\Style\Cascade\Media\Standard\SlideBar\ProgressLoader.png
[2011.11.10 18:04:52 | 000,028,126 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PK\subsys\PyImpLoader\PyImpLoader.kc
[2011.11.10 18:04:52 | 000,120,104 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PK\subsys\PyImpLoader\_PyImpLoader.pyd
[2011.11.29 20:14:56 | 000,012,088 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\mm\MediaCtrl\ImageLoader.kc
[2011.11.29 20:14:58 | 000,002,692 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\Presentation\Common\D3D9Loader.kc
[2011.08.16 17:03:40 | 000,012,022 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cox\mm\MediaCtrl\ImageLoader.kc
[2011.11.21 16:11:19 | 000,001,731 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\System\FlvLoader.swf
[2011.11.21 16:11:20 | 000,001,949 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\System\KernelCtrl\D3D9Loader.kc
[2011.11.21 16:11:20 | 000,056,487 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\System\KernelCtrl\ImageLoader2.kc
[2011.11.21 16:11:21 | 000,004,045 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Widget\langloader.kc
[2011.11.21 16:11:21 | 000,014,262 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\Widget\layoutloader.kc
[2014.02.14 09:52:42 | 000,076,088 | ---- | M] () -- \Program Files\Maxthon\Bin\MxAppLoader.exe
[2014.05.28 16:09:50 | 000,667,960 | ---- | M] () -- \Program Files\Maxthon\Bin\MxDownloader.dll
[2014.02.19 13:54:52 | 000,086,768 | ---- | M] () -- \Program Files\Maxthon\Core\Webkit\Npplugins\gameloader.exe
[2010.01.01 00:00:00 | 000,002,063 | ---- | M] () -- \Program Files\Mozilla Firefox\chrome\browser\content\browser\safebrowsing\sb-loader.js
[2014.05.28 11:58:50 | 000,069,120 | ---- | M] () -- \Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2012.08.31 07:52:20 | 000,183,736 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2008.02.05 20:10:04 | 000,001,737 | ---- | M] () -- \Program Files\Thai2English\img\ajax-loader.gif
[2005.06.07 12:25:46 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2013.05.04 16:47:38 | 000,000,072 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader Help.url
[2013.05.04 16:47:38 | 000,002,191 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk
[2012.01.31 23:01:14 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.01.31 23:01:14 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013.05.04 16:47:38 | 000,000,072 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader Help.url
[2013.05.04 16:47:38 | 000,002,191 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk
[2012.01.31 23:01:14 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.01.31 23:01:14 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.06.01 11:42:20 | 000,000,976 | ---- | M] () -- \Users\Eee Pc\AppData\Local\SRDownloader.nast
[2013.04.06 13:30:33 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2013.04.06 13:30:34 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2013.04.06 13:30:35 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2013.04.06 13:30:36 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2013.04.06 13:30:36 | 000,057,728 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2013.04.06 13:30:37 | 000,061,770 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2013.04.06 13:30:38 | 000,061,770 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2014.06.10 01:34:38 | 000,155,397 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1I3DH3IK\loader[1].js
[2014.06.08 16:17:39 | 000,013,640 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ED0X8HF6\pixelloader[1].swf
[2014.06.08 21:30:54 | 000,020,597 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HEN2M9CZ\preloader[1].swf
[2014.06.08 23:47:09 | 000,020,597 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HEN2M9CZ\preloader[2].swf
[2014.06.12 01:12:37 | 000,029,572 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LYPDQCCI\27226781_20140401130934320_featured_video_970x250_expandable_loader[1].swf
[2014.06.08 17:35:13 | 000,002,830 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWM6SVHY\RmsLoader[1].js
[2014.06.10 01:33:28 | 000,061,619 | ---- | M] () -- \Users\Eee Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWM6SVHY\yuiloader-dom-event[1].js
[2014.02.03 20:54:58 | 000,069,120 | ---- | M] () -- \Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2014.05.28 11:58:50 | 000,069,120 | ---- | M] () -- \Users\Eee Pc\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2013.07.16 11:32:29 | 000,003,208 | ---- | M] () -- \Users\Eee Pc\Documents\samsung\Kies\Backup\GT-I9000\GT-I9000\GT-I9000_\GT-I9000_20130716112435\Photo\openfeint\webui\images\loader.gif
[2013.05.04 16:47:37 | 000,001,247 | ---- | M] () -- \Users\Public\Desktop\YTD Video Downloader.lnk
[2012.05.28 14:35:56 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2014.06.09 20:43:36 | 000,188,928 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common4f49951d#\21713bd1a18de3d3a7f32022a9d5fdb8\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
[2014.06.09 20:43:36 | 000,001,892 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common4f49951d#\21713bd1a18de3d3a7f32022a9d5fdb8\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll.aux
[2013.08.02 08:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 08:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 11:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 11:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 11:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 11:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2012.05.30 21:49:14 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2012.05.30 21:49:14 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2012.05.30 21:49:14 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 09:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 09:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 08:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 14:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 14:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 08:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 08:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 08:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 11:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 18:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 23:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 11:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 11:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 11:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.21 00:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 23:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 11:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 11:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 11:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.21 00:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 23:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 11:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 11:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.21 00:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 23:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 11:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 11:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 12:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 17:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 09:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
[2011.11.21 16:11:20 | 000,002,894 | ---- | M] () -- \Program Files\CyberLink\PowerDVD11\System\KernelCtrl\Activator.kc
< *serial* /s >
[2005.10.28 15:29:20 | 000,000,592 | ---- | M] () -- \Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\EnumerateSerialPorts.snippet
[2005.10.28 15:29:20 | 000,001,178 | ---- | M] () -- \Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\ReadDatafromaSerialPort.snippet
[2005.10.28 15:29:20 | 000,001,492 | ---- | M] () -- \Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\UseaSerialPorttoDialaPhoneNumber.snippet
[2012.10.05 17:53:23 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.06.11 04:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.10.05 17:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.12 13:05:22 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.12 13:12:13 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.02.12 11:26:23 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.12 11:26:23 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.02.12 11:24:20 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014.02.12 11:24:19 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014.02.12 12:05:54 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014.02.12 12:05:54 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2013.09.11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013.09.11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013.09.11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.09.11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013.09.11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009.06.11 04:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2005.09.23 07:56:56 | 000,008,007 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.xml
[2012.10.05 17:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013.09.11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013.09.11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013.09.11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013.09.11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2009.07.14 08:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 06:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.14 09:09:30 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009.07.14 05:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 06:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.14 05:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 09:10:04 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009.07.14 09:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 09:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009.07.14 11:56:40 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009.07.14 09:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 08:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010.11.20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.06 00:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.06 00:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009.07.14 09:28:14 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012.10.06 00:12:04 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2012.10.06 00:12:20 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2009.07.14 08:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010.11.20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.06 00:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.06 00:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009.07.14 08:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 08:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 08:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010.11.20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.06 00:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.06 00:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.11 04:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.11 04:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010.11.05 08:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 17:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 17:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009.06.11 04:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010.11.05 08:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 17:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 17:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009.07.14 05:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.07.14 09:10:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009.07.14 08:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 09:09:30 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009.07.14 06:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.14 05:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.11 04:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010.11.05 08:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 17:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 17:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
< *w7lxe* /s >
< End of report >
-
Stardust
- Vzorný návštěvník
- Příspěvky: 43
- Registrován: 08 lis 2007 07:59
- Bydliště: (problém) mezi křeslem a klávesnicí
Re: Preventivka
OTL Extras logfile created on: 15.6.2014 14:04:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eee Pc\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
1014,18 Mb Total Physical Memory | 363,94 Mb Available Physical Memory | 35,89% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,79% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 123,87 Gb Total Space | 29,10 Gb Free Space | 23,49% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 249,10 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Computer Name: EEEPC-PC | User Name: Eee Pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = IE.AssocFile.HTM] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = IE.AssocFile.HTM] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3791ACA3-EE48-45FE-9CF3-589FC808CA69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7399EC1F-E6F1-4F74-9B8D-9051EE0D1955}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E1155C68-3B74-4498-B381-94608D013831}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05CCB0D7-8916-4283-943D-2426E949B830}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{126F17AA-E98A-4C35-BD31-40F14229F13E}" = protocol=17 | dir=in | app=c:\users\eee pc\appdata\roaming\utorrent\utorrent.exe |
"{1C875828-D896-47CB-9E73-3D7FD0E50BAB}" = protocol=6 | dir=in | app=c:\users\eee pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{2DE52479-D249-40ED-9279-ADBBF101257D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4379FE47-A6F6-4513-A4DE-955A8DFC5FC5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{44B579C7-6033-4BF2-99F7-EAD3F5CC86ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\x superbox trailer\smp.exe |
"{458C8E70-D55D-44B8-B01B-5030CBB5956B}" = protocol=17 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{55CA819A-31F2-4B74-84ED-7D4041FEAD2E}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{606ED965-EBC8-4042-9CCE-D9E0EC5FA452}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{630C00F7-8EBB-4FBA-920B-358F51871092}" = protocol=6 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{658BA04E-1FE2-40F8-8701-B779EB31FF51}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{75249AAC-8F26-4CFB-82A5-85C6D881805A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\x superbox trailer\smp.exe |
"{82B3FC98-8C47-437F-BB3F-DF60851C03DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{911B20ED-E5A0-4125-BB57-509516D3F8DA}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe |
"{97BFA6BB-98A7-4E5A-91DF-DDA06288252B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{9D0DCE1D-37B0-44DC-8268-8454A0C6B425}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{A33AF7B3-873F-4EA6-8FF2-456D297281C1}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe |
"{B2C487A3-E76D-4EDE-8055-FB75882B101E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B62E0C63-50DE-4FFA-BB32-BF78CD99C6D5}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{D0269A7B-F9FA-41D3-9C07-70B5064389EF}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{DDBF0CF2-20A7-4933-86ED-29F48EEA4055}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{E494D6DF-8886-4EB5-B42C-9A37BE718D83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EC32B5C2-3F0F-4905-8251-16BD51D7BDE9}" = protocol=17 | dir=in | app=c:\users\eee pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{EFC3FC60-2568-4F7E-A26B-E8B467248D2B}" = dir=in | app=c:\program files\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{F6F7CE60-2F9D-4564-8751-38F3432EFD46}" = protocol=6 | dir=in | app=c:\users\eee pc\appdata\roaming\utorrent\utorrent.exe |
"{F79294A9-8402-4F80-A752-164BE5A93581}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{09A17529-E67D-4B74-85BE-DCD1DDC85831}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{E2F54733-71BA-432D-8527-89EBC7570828}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{548DF773-651E-4D5E-920D-81F7DBEBB8BC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{D74C9C7C-A1F5-45E8-9B88-FA5EF802FE84}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{72882900-0AB6-458C-8C36-6AB6FA5CB978}" = Software602 Form Filler
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{DCE1A5DE-7F8E-4AC0-BED5-AC9281CEC443}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = dtac aircard
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB4B2BE-EE73-4433-AA3E-258A755C3A4E}_is1" = Thai2English
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C83F056D-E3D5-4308-B3ED-9FAFA8ACF821}_is1" = Auto Mouse Clicker v3.8
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AIMP2" = AIMP2
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Elantech" = ETDWare PS/2-x86 7.0.5.13_WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fuse" = Free Unix Spectrum Emulator (Fuse) 1.0.0.1
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Heroes of Might and Magic II Gold" = Heroes(TM) II Gold
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.2.0 (Full)
"Lexique Pro - English_is1" = Lexique Pro 3.4
"LINE" = LINE
"Lingoes Translator_is1" = Lingoes 2.9.1
"Maxthon3" = Maxthon Cloud Browser
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR archiver
"X - Beyond the Frontier" = X - Beyond the Frontier
"X3-ReunionDemo44_is1" = X3 Reunion Playable DEMO v2.5
"XBeyondTheFrontier_is1" = X - Beyond the Frontier v2.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"PhotoFiltre 7" = PhotoFiltre 7
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7.6.2014 7:34:49 | Computer Name = EeePc-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 8.6.2014 14:29:44 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9.6.2014 15:03:12 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Mozilla
Firefox\crashreporter.exe".Error in manifest or policy file "C:\Program Files\Mozilla
Firefox\crashreporter.exe" on line 0. Invalid Xml syntax.
Error - 10.6.2014 1:24:52 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 10.6.2014 23:01:46 | Computer Name = EeePc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PDVD11Serv.exe, version: 11.0.0.2321, time
stamp: 0x4eca1193 Faulting module name: CLDeviceRC.dll, version: 1.0.2008.0, time
stamp: 0x4e3f5c27 Exception code: 0xc0000005 Fault offset: 0x00004cd5 Faulting process
id: 0x3e0 Faulting application start time: 0x01cf85216d9d3789 Faulting application
path: C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe Faulting module path:
C:\Program Files\CyberLink\PowerDVD11\Common\CLDeviceRC.dll Report Id: b875909c-f114-11e3-9ea9-14dae923181a
Error - 10.6.2014 23:46:55 | Computer Name = EeePc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17041,
time stamp: 0x531807e4 Faulting module name: igdumd32.dll, version: 8.14.10.2364,
time stamp: 0x4da3ce38 Exception code: 0xc0000005 Fault offset: 0x000b9530 Faulting
process id: 0xc10 Faulting application start time: 0x01cf8527849da2a2 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\igdumd32.dll
Report
Id: 07d33f4e-f11b-11e3-9ea9-14dae923181a
Error - 11.6.2014 15:16:00 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12.6.2014 16:12:30 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.6.2014 12:46:11 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14.6.2014 13:23:34 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ System Events ]
Error - 9.6.2014 23:14:27 | Computer Name = EeePc-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 12.6.2014 2:51:57 | Computer Name = EeePc-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:09:25 AM on ?6/?12/?2014 was unexpected.
Error - 12.6.2014 7:43:50 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Security Update for Windows 7 (KB2957509).
Error - 12.6.2014 7:55:18 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Security Update for Windows 7 (KB2957189).
Error - 12.6.2014 7:56:28 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Update for Windows 7 (KB2800095).
Error - 12.6.2014 7:56:33 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Security Update for Windows 7 (KB2939576).
Error - 12.6.2014 7:56:50 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Cumulative Security Update for Internet Explorer 11 for
Windows 7 (KB2957689).
Error - 12.6.2014 7:56:55 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Security Update for Windows 7 (KB2957503).
Error - 12.6.2014 16:34:58 | Computer Name = EeePc-PC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 11.0 Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 14.6.2014 6:47:50 | Computer Name = EeePc-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eee Pc\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
1014,18 Mb Total Physical Memory | 363,94 Mb Available Physical Memory | 35,89% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,79% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 123,87 Gb Total Space | 29,10 Gb Free Space | 23,49% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 249,10 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Computer Name: EEEPC-PC | User Name: Eee Pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = IE.AssocFile.HTM] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = IE.AssocFile.HTM] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3791ACA3-EE48-45FE-9CF3-589FC808CA69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7399EC1F-E6F1-4F74-9B8D-9051EE0D1955}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E1155C68-3B74-4498-B381-94608D013831}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05CCB0D7-8916-4283-943D-2426E949B830}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{126F17AA-E98A-4C35-BD31-40F14229F13E}" = protocol=17 | dir=in | app=c:\users\eee pc\appdata\roaming\utorrent\utorrent.exe |
"{1C875828-D896-47CB-9E73-3D7FD0E50BAB}" = protocol=6 | dir=in | app=c:\users\eee pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{2DE52479-D249-40ED-9279-ADBBF101257D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4379FE47-A6F6-4513-A4DE-955A8DFC5FC5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{44B579C7-6033-4BF2-99F7-EAD3F5CC86ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\x superbox trailer\smp.exe |
"{458C8E70-D55D-44B8-B01B-5030CBB5956B}" = protocol=17 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{55CA819A-31F2-4B74-84ED-7D4041FEAD2E}" = dir=in | app=c:\program files\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{606ED965-EBC8-4042-9CCE-D9E0EC5FA452}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{630C00F7-8EBB-4FBA-920B-358F51871092}" = protocol=6 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{658BA04E-1FE2-40F8-8701-B779EB31FF51}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{75249AAC-8F26-4CFB-82A5-85C6D881805A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\x superbox trailer\smp.exe |
"{82B3FC98-8C47-437F-BB3F-DF60851C03DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{911B20ED-E5A0-4125-BB57-509516D3F8DA}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe |
"{97BFA6BB-98A7-4E5A-91DF-DDA06288252B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{9D0DCE1D-37B0-44DC-8268-8454A0C6B425}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{A33AF7B3-873F-4EA6-8FF2-456D297281C1}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe |
"{B2C487A3-E76D-4EDE-8055-FB75882B101E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B62E0C63-50DE-4FFA-BB32-BF78CD99C6D5}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{D0269A7B-F9FA-41D3-9C07-70B5064389EF}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{DDBF0CF2-20A7-4933-86ED-29F48EEA4055}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{E494D6DF-8886-4EB5-B42C-9A37BE718D83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EC32B5C2-3F0F-4905-8251-16BD51D7BDE9}" = protocol=17 | dir=in | app=c:\users\eee pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{EFC3FC60-2568-4F7E-A26B-E8B467248D2B}" = dir=in | app=c:\program files\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{F6F7CE60-2F9D-4564-8751-38F3432EFD46}" = protocol=6 | dir=in | app=c:\users\eee pc\appdata\roaming\utorrent\utorrent.exe |
"{F79294A9-8402-4F80-A752-164BE5A93581}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{09A17529-E67D-4B74-85BE-DCD1DDC85831}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{E2F54733-71BA-432D-8527-89EBC7570828}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{548DF773-651E-4D5E-920D-81F7DBEBB8BC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{D74C9C7C-A1F5-45E8-9B88-FA5EF802FE84}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{72882900-0AB6-458C-8C36-6AB6FA5CB978}" = Software602 Form Filler
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{DCE1A5DE-7F8E-4AC0-BED5-AC9281CEC443}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = dtac aircard
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB4B2BE-EE73-4433-AA3E-258A755C3A4E}_is1" = Thai2English
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C83F056D-E3D5-4308-B3ED-9FAFA8ACF821}_is1" = Auto Mouse Clicker v3.8
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AIMP2" = AIMP2
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Elantech" = ETDWare PS/2-x86 7.0.5.13_WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fuse" = Free Unix Spectrum Emulator (Fuse) 1.0.0.1
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Heroes of Might and Magic II Gold" = Heroes(TM) II Gold
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.2.0 (Full)
"Lexique Pro - English_is1" = Lexique Pro 3.4
"LINE" = LINE
"Lingoes Translator_is1" = Lingoes 2.9.1
"Maxthon3" = Maxthon Cloud Browser
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR archiver
"X - Beyond the Frontier" = X - Beyond the Frontier
"X3-ReunionDemo44_is1" = X3 Reunion Playable DEMO v2.5
"XBeyondTheFrontier_is1" = X - Beyond the Frontier v2.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2516053383-474250546-561759448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"PhotoFiltre 7" = PhotoFiltre 7
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7.6.2014 7:34:49 | Computer Name = EeePc-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 8.6.2014 14:29:44 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9.6.2014 15:03:12 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Mozilla
Firefox\crashreporter.exe".Error in manifest or policy file "C:\Program Files\Mozilla
Firefox\crashreporter.exe" on line 0. Invalid Xml syntax.
Error - 10.6.2014 1:24:52 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 10.6.2014 23:01:46 | Computer Name = EeePc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PDVD11Serv.exe, version: 11.0.0.2321, time
stamp: 0x4eca1193 Faulting module name: CLDeviceRC.dll, version: 1.0.2008.0, time
stamp: 0x4e3f5c27 Exception code: 0xc0000005 Fault offset: 0x00004cd5 Faulting process
id: 0x3e0 Faulting application start time: 0x01cf85216d9d3789 Faulting application
path: C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe Faulting module path:
C:\Program Files\CyberLink\PowerDVD11\Common\CLDeviceRC.dll Report Id: b875909c-f114-11e3-9ea9-14dae923181a
Error - 10.6.2014 23:46:55 | Computer Name = EeePc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17041,
time stamp: 0x531807e4 Faulting module name: igdumd32.dll, version: 8.14.10.2364,
time stamp: 0x4da3ce38 Exception code: 0xc0000005 Fault offset: 0x000b9530 Faulting
process id: 0xc10 Faulting application start time: 0x01cf8527849da2a2 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\igdumd32.dll
Report
Id: 07d33f4e-f11b-11e3-9ea9-14dae923181a
Error - 11.6.2014 15:16:00 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12.6.2014 16:12:30 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.6.2014 12:46:11 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14.6.2014 13:23:34 | Computer Name = EeePc-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ System Events ]
Error - 9.6.2014 23:14:27 | Computer Name = EeePc-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 12.6.2014 2:51:57 | Computer Name = EeePc-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:09:25 AM on ?6/?12/?2014 was unexpected.
Error - 12.6.2014 7:43:50 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Security Update for Windows 7 (KB2957509).
Error - 12.6.2014 7:55:18 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Security Update for Windows 7 (KB2957189).
Error - 12.6.2014 7:56:28 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Update for Windows 7 (KB2800095).
Error - 12.6.2014 7:56:33 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Security Update for Windows 7 (KB2939576).
Error - 12.6.2014 7:56:50 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Cumulative Security Update for Internet Explorer 11 for
Windows 7 (KB2957689).
Error - 12.6.2014 7:56:55 | Computer Name = EeePc-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070308: Security Update for Windows 7 (KB2957503).
Error - 12.6.2014 16:34:58 | Computer Name = EeePc-PC | Source = Service Control Manager | ID = 7034
Description = The CyberLink PowerDVD 11.0 Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 14.6.2014 6:47:50 | Computer Name = EeePc-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.
< End of report >
Přispějete na provoz fóra?
