PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Malware on the PC? Asking for advice

Have a problem with a virus? Post a log from FRST or RSIT here.

skazatoN
Visitor
Posts: 11
Registered: 26 Jul 2007 22:36
Location: Slovakia, Martin

Malware on the PC? Asking for advice

#1 Post by skazatoN »

So I scanned my PC with Spybot and this is what it came up with. I had it fix everything, and I think it also put something into quarantine, so I don't know what to do with it. I also scanned the PC with RSIT set to 1 month. I'll post the logs from both here.

Spybot:

Search results from Spybot - Search & Destroy

19. 6. 2014 22:00:42
Scan took 00:17:50.
38 items found.

Win32.2UrFace.bho: [SBI $62251A5D] Settings (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Win32.2UrFace.bho: [SBI $62251A5D] Settings (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (User): Misko) (Browser: Cookie, nothing done)


Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\PE_C_NA\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\PE_C_NA\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\PE_C_NA\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\PE_C_NA\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $99432203] Open with list - .CFG extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\PE_C_NA\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\PE_C_NA\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\PE_C_NA\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\PE_C_NA\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (14) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (190) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (41) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.3.39.131 DLL (build: 20140425) ---

2014-04-25 blindman.exe (2.3.39.151)
2014-04-25 explorer.exe (2.3.39.181)
2014-04-25 SDBootCD.exe (2.3.39.109)
2014-04-25 SDCleaner.exe (2.3.39.110)
2014-04-25 SDDelFile.exe (2.3.39.94)
2013-06-18 SDDisableProxy.exe
2014-04-25 SDFiles.exe (2.3.39.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2014-04-25 SDFSSvc.exe (2.3.39.217)
2014-04-25 SDHelp.exe (2.3.39.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-04-25 SDImmunize.exe (2.3.39.130)
2014-04-25 SDLogReport.exe (2.3.39.107)
2014-04-25 SDOnAccess.exe (2.3.39.11)
2014-04-25 SDPESetup.exe (2.3.39.3)
2014-04-25 SDPEStart.exe (2.3.39.86)
2014-04-25 SDPhoneScan.exe (2.3.39.28)
2014-04-25 SDPRE.exe (2.3.39.22)
2014-04-25 SDPrepPos.exe (2.3.39.15)
2014-04-25 SDQuarantine.exe (2.3.39.103)
2014-04-25 SDRootAlyzer.exe (2.3.39.116)
2014-04-25 SDSBIEdit.exe (2.3.39.39)
2014-04-25 SDScan.exe (2.3.39.181)
2014-04-25 SDScript.exe (2.3.39.54)
2014-04-25 SDSettings.exe (2.3.39.139)
2014-04-25 SDShell.exe (2.3.39.2)
2014-04-25 SDShred.exe (2.3.39.108)
2014-04-25 SDSysRepair.exe (2.3.39.102)
2014-04-25 SDTools.exe (2.3.39.157)
2014-04-25 SDTray.exe (2.3.39.129)
2014-04-25 SDUpdate.exe (2.3.39.94)
2014-04-25 SDUpdSvc.exe (2.3.39.77)
2014-04-25 SDWelcome.exe (2.3.39.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2013-06-19 spybotsd2-translation-frx.exe
2014-06-19 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-04-25 SDAdvancedCheckLibrary.dll (2.3.39.98)
2014-04-25 SDAV.dll
2014-04-25 SDECon32.dll (2.3.39.114)
2014-04-25 SDECon64.dll (2.3.39.113)
2014-04-25 SDEvents.dll (2.3.39.2)
2014-04-25 SDFileScanLibrary.dll (2.3.39.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-04-25 SDImmunizeLibrary.dll (2.3.39.2)
2014-04-25 SDLicense.dll (2.3.39.0)
2014-04-25 SDLists.dll (2.3.39.4)
2014-04-25 SDResources.dll (2.3.39.7)
2014-04-25 SDScanLibrary.dll (2.3.39.131)
2014-04-25 SDTasks.dll (2.3.39.15)
2013-12-19 SDWinLogon.dll (2.3.37.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-04-25 Tools.dll (2.3.39.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-06-18 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-03-19 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-04-15 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-06-11 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-06-18 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-06-18 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

And here is the RSIT log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Misko at 2014-06-19 22:07:33
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 32 GB (46%) free of 70 GB
Total RAM: 8173 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:07:36, on 19. 6. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Programs\Webcam\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\trend micro\Misko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
O4 - HKLM\..\Run: [LWS] D:\Programs\Webcam\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programs\Daemon tools\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - C:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XMouseButton Launcher - Highresolution Enterprises - C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe

--
End of file - 7306 bytes

======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\EslWire\service\WireHelperSvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
/notportable /svclaunch
"D:\Programs\Webcam\LWS\Webcam Software\LWS.exe" -hide
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"

"A:\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Misko\AppData\Roaming\Mozilla\Firefox\Profiles\yn4l5qs3.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


C:\Users\Misko\AppData\Roaming\Mozilla\Firefox\Profiles\yn4l5qs3.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Misko\AppData\Roaming\Mozilla\Firefox\Profiles\yn4l5qs3.default\searchplugins\
conduit-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-28 11905128]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Programs\Daemon tools\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LWS"=D:\Programs\Webcam\LWS\Webcam Software\LWS.exe [2012-09-13 204136]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-04-17 767200]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-04-25 4101584]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-06-19 22:07:33 ----D---- C:\rsit
2014-06-19 22:07:33 ----D---- C:\Program Files\trend micro
2014-06-19 21:22:59 ----A---- C:\Windows\system32\sdnclean64.exe
2014-06-10 17:20:13 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-06-09 19:49:33 ----D---- C:\Users\Misko\AppData\Roaming\Injustice
2014-06-03 22:59:05 ----D---- C:\Users\Misko\AppData\Roaming\NCSOFT
2014-06-01 01:23:45 ----D---- C:\Users\Misko\AppData\Roaming\MotioninJoy
2014-06-01 01:23:42 ----D---- C:\Program Files\MotioninJoy
2014-06-01 01:23:42 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2014-06-01 01:23:42 ----A---- C:\Windows\system32\MijFrc.dll
2014-06-01 01:23:42 ----A---- C:\Windows\system32\drivers\xusb21.sys
2014-06-01 01:23:42 ----A---- C:\Windows\system32\drivers\MijXfilt.sys
2014-05-25 03:21:45 ----D---- C:\Users\Misko\AppData\Roaming\Ubisoft
2014-05-25 03:13:27 ----D---- C:\ProgramData\Ubisoft
2014-05-22 02:46:54 ----D---- C:\Users\Misko\AppData\Roaming\ATI
2014-05-22 02:46:54 ----D---- C:\ProgramData\ATI
2014-05-22 02:45:10 ----D---- C:\Program Files (x86)\AMD AVT
2014-05-22 02:44:08 ----D---- C:\Program Files\AMD
2014-05-22 02:43:51 ----D---- C:\Program Files\Common Files\ATI Technologies
2014-05-22 02:43:38 ----D---- C:\Program Files (x86)\ATI Technologies
2014-05-22 02:42:59 ----D---- C:\Program Files\ATI
2014-05-22 02:40:34 ----D---- C:\Program Files\ATI Technologies
2014-05-22 02:39:38 ----D---- C:\AMD
2014-05-22 01:51:05 ----D---- C:\ProgramData\Steam

======List of files/folders modified in the last 1 month======

2014-06-19 22:07:36 ----D---- C:\Windows\Temp
2014-06-19 22:07:33 ----RD---- C:\Program Files
2014-06-19 22:04:17 ----D---- C:\Windows\Prefetch
2014-06-19 22:00:09 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-06-19 21:29:40 ----D---- C:\Windows\system32\config
2014-06-19 21:26:05 ----SD---- C:\ProgramData\Microsoft
2014-06-19 21:24:30 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-19 21:22:59 ----D---- C:\Windows\System32
2014-06-19 21:21:01 ----D---- C:\Windows\inf
2014-06-19 21:21:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-19 21:16:31 ----D---- C:\Windows
2014-06-19 21:14:12 ----D---- C:\Users\Misko\AppData\Roaming\DAEMON Tools Lite
2014-06-19 21:14:05 ----D---- C:\Users\Misko\AppData\Roaming\uTorrent
2014-06-19 21:14:05 ----D---- C:\Users\Misko\AppData\Roaming\TS3Client
2014-06-19 21:13:17 ----D---- C:\Windows\Logs
2014-06-19 21:04:28 ----RD---- C:\Program Files (x86)
2014-06-19 20:55:03 ----HD---- C:\ProgramData
2014-06-19 20:52:44 ----D---- C:\Windows\Tasks
2014-06-19 20:52:44 ----D---- C:\Windows\SysWOW64
2014-06-19 20:52:44 ----D---- C:\Windows\system32\Tasks
2014-06-19 20:50:40 ----D---- C:\Windows\SYSWOW64\Adobe
2014-06-19 20:46:09 ----SHD---- C:\Windows\Installer
2014-06-19 20:46:08 ----D---- C:\Program Files (x86)\Common Files
2014-06-19 20:45:32 ----SHD---- C:\System Volume Information
2014-06-19 20:39:30 ----D---- C:\ProgramData\Origin
2014-06-18 14:06:19 ----D---- C:\Windows\system32\catroot2
2014-06-18 04:48:50 ----RSD---- C:\Windows\assembly
2014-06-16 03:36:22 ----D---- C:\ProgramData\PMB Files
2014-06-14 04:32:26 ----D---- C:\Users\Misko\AppData\Roaming\Skype
2014-06-11 14:15:39 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 03:49:49 ----D---- C:\Users\Misko\AppData\Roaming\vlc
2014-06-04 20:47:27 ----D---- C:\Windows\system32\catroot
2014-06-04 20:47:26 ----D---- C:\Windows\system32\DriverStore
2014-06-01 01:27:37 ----D---- C:\Windows\system32\drivers
2014-05-31 12:33:24 ----D---- C:\ProgramData\Orbit
2014-05-25 03:10:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-05-22 02:56:44 ----D---- C:\Windows\Microsoft.NET
2014-05-22 02:45:11 ----D---- C:\ProgramData\AMD
2014-05-22 02:43:51 ----D---- C:\Program Files\Common Files
2014-05-22 02:43:25 ----D---- C:\ProgramData\Package Cache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2011-12-14 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-28 283200]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
R2 ESLWireAC;ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys [2012-12-17 160784]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2012-05-30 16168]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-04-18 15376384]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-04-18 638976]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-28 2905832]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
R3 LVUVC64;Logitech HD Webcam C270(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 danewFltr;NewDeathAdder Mouse; C:\Windows\system32\drivers\danew.sys [2010-03-23 12032]
S3 ESEADriver2;ESEADriver2; \??\C:\Users\Misko\AppData\Local\Temp\ESEADriver2.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2011-09-02 42776]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VKbms;Razer Gaming Device; C:\Windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2011-12-07 74960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-04-18 239616]
R2 EslWireHelper;ESL Wire Helper Service; C:\Program Files\EslWire\service\WireHelperSvc.exe [2012-12-17 678416]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-10-31 76888]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-04-25 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-04-25 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 XMouseButton Launcher;XMouseButton Launcher; C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-06-23 87040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-09 51648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-10 119408]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-05-29 543424]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-05-30 149544]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------



What should I do with this? Should I also run it through Malwarebytes? And should I Purge everything in quarantine in Spybot? Thanks for the help

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware on the PC? Asking for advice

#2 Post by Márty84 »

Hello :)

:arrow: Uninstall Spybot right away. The program is outdated and cannot cope with today's pests.

:???: Do you use any antivirus?

:???: Did you modify the Hosts file on purpose?
skazatoN wrote:
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 http://www.easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 http://www.easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 http://www.easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 http://www.easyanticheat.org # misleading site

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and wait until the check finishes.
Then click Clean
The program will start working (the PC may restart) and will spit out a log (it will also be at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.

:arrow: Do a !!!complete!!! scan with MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ and post the results here. Don't delete anything beforehand, it sometimes has false positives. Guide here http://forum.viry.cz/viewtopic.php?f=29&t=115222
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
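The Hosts check asked about above, as an added example that is not part of this thread or of RSIT: a small Python script that reads either raw hosts-file lines or the RSIT `O1 - Hosts:` lines quoted in the post and classifies each mapping as a stock localhost entry, a block (a sink address such as 255.255.255.255) or a redirect to a routable address, which is the case a defender should worry about. The sample input is constructed; `www.example.com` and the TEST-NET address `198.51.100.7` are placeholders, and stripping a leading `http://` from a name is an assumption about the forum's auto-linking.

```python
import ipaddress
import re
from dataclasses import dataclass

# Names a stock Windows hosts file maps to localhost; anything else is an override.
DEFAULT_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Sink addresses: mapping a name here blocks it (no traffic reaches a real host).
SINK_ADDRESSES = {
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("255.255.255.255"),
    ipaddress.ip_address("::"),
}

# RSIT prefixes each hosts-file override with "O1 - Hosts:"; the forum also
# auto-linked www.* names, so a URL scheme may precede the hostname (assumption).
_O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*")
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostname: str
    comment: str
    verdict: str  # "default", "block" or "redirect"


def classify(address, hostname):
    """Decide what a single address -> hostname mapping does."""
    ip = ipaddress.ip_address(address)
    sinks = ip.is_loopback or ip in SINK_ADDRESSES
    if hostname.lower() in DEFAULT_LOCAL_NAMES and sinks:
        return "default"
    if sinks:
        return "block"      # e.g. 255.255.255.255 easyanticheat.se
    return "redirect"       # routable address: the name is being hijacked


def parse_hosts_lines(text):
    """Parse raw hosts-file lines and/or RSIT 'O1 - Hosts:' lines."""
    entries = []
    for raw in text.splitlines():
        line = _O1_PREFIX.sub("", raw.strip())
        if not line or line.startswith("#"):
            continue
        body, _, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # first field is not an address: malformed line, skip it
        for name in names:
            name = _SCHEME.sub("", name)
            entries.append(HostsEntry(address, name, comment.strip(),
                                      classify(address, name)))
    return entries


def overrides(entries):
    """Everything that is not a stock localhost mapping, worst first."""
    rank = {"redirect": 0, "block": 1, "default": 2}
    return sorted((e for e in entries if e.verdict != "default"),
                  key=lambda e: (rank[e.verdict], e.hostname))


def summarize(entries):
    counts = {"default": 0, "block": 0, "redirect": 0}
    for e in entries:
        counts[e.verdict] += 1
    return counts


# Constructed sample: four of the O1 lines quoted in the post, the stock
# localhost lines, and one made-up routable redirect (TEST-NET, example.com).
SAMPLE = """\
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 http://www.easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 http://www.easyanticheat.com # misleading site
127.0.0.1 localhost
::1 localhost
198.51.100.7 www.example.com # constructed redirect
"""

if __name__ == "__main__":
    parsed = parse_hosts_lines(SAMPLE)
    print(summarize(parsed))
    for e in overrides(parsed):
        print(f"{e.verdict:8} {e.address:16} {e.hostname:28} {e.comment}")
```

Entries that block a vendor's own domains, as here, are usually the work of an installed program (the user later attributes them to ESL Wire's anti-cheat); a redirect to a routable address is the pattern that deserves an immediate look.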

skazatoN
Visitor
Posts: 11
Registered: 26 Jul 2007 22:36
Location: Slovakia, Martin

Re: Malware on the PC? Asking for advice

#3 Post by skazatoN »

Hello, thank you. So I did a complete scan with MBAM, but in the end I forgot to copy the log :( But it didn't find any error and the log was clean. AdwCleaner log:

# AdwCleaner v3.212 - Report created 20/06/2014 at 00:41:59
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Misko - MISKO-PC
# Running from : A:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Misko\daemonprocess.txt
Folder Found : C:\Users\Misko\AppData\Local\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v30.0 (sk)

[ File : C:\Users\Misko\AppData\Roaming\Mozilla\Firefox\Profiles\yn4l5qs3.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1304 octets] - [20/06/2014 00:41:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1364 octets] ##########


Now AdwCleaner shows me only one error, still that Firefox prefs.js; I even tried reinstalling Firefox and it still shows it. And I don't use any antivirus, but now I'll try to install AVG. And I didn't change the hosts file, but I think this is done by EasyAntiCheat, which ESL Wire installs when league matches are played through it in Counter-Strike. Should I fix it with RogueKiller? Thanks

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware on the PC? Asking for advice

#4 Post by Márty84 »

skazatoN wrote:Hello, thank you. So I did a complete scan with MBAM, but in the end I forgot to copy the log :( But it didn't find any error and the log was clean.
I hope it was a complete scan.
skazatoN wrote:AdwCleaner log.
I wanted the log from after the deletion; this one is from the scan, but never mind.
skazatoN wrote:Now AdwCleaner shows me only one error, still that Firefox prefs.js
What it shows there is not an error, it's just information.
skazatoN wrote:And I don't use any antivirus, but now I'll try to install AVG.
Why AVG of all things???

:!: If you haven't already, you had better back up important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your right to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan do not launch anything and do not click anywhere.
After the scan finishes (the PC may restart), a log should be created at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not boot after the restart, restart again, press the F8 key and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when launching various programs, just restart the PC and it will be fine

skazatoN
Visitor
Posts: 11
Registered: 26 Jul 2007 22:36
Location: Slovakia, Martin

Re: Malware on the PC? Asking for advice

#5 Post by skazatoN »

It was a complete scan with Malwarebytes that took about 1 h 40 min. AVG because I read that it's better than Avast. Here I attach the log from AdwCleaner, which is from after the fix

# AdwCleaner v3.212 - Report created 20/06/2014 at 00:50:06
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Misko - MISKO-PC
# Running from : A:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v30.0 (sk)

[ File : C:\Users\Misko\AppData\Roaming\Mozilla\Firefox\Profiles\yn4l5qs3.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1444 octets] - [20/06/2014 00:41:59]
AdwCleaner[R1].txt - [669 octets] - [20/06/2014 00:50:06]
AdwCleaner[S0].txt - [1527 octets] - [20/06/2014 00:43:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [788 octets] ##########


And here is the log from ComboFix

ComboFix 14-06-19.01 - Misko . 06. 2014 18:32:32.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8173.6414 [GMT 1:00]
Running from: c:\users\Misko\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
A:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-05-20 to 2014-06-20 )))))))))))))))))))))))))))))))
.
.
2014-06-20 16:06 . 2014-06-20 16:06 -------- d-----w- c:\programdata\RogueKiller
2014-06-20 15:10 . 2014-06-20 15:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-20 15:10 . 2014-06-20 15:10 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-20 14:56 . 2014-06-20 14:56 -------- d-----w- c:\users\Misko\AppData\Roaming\AVG
2014-06-20 14:56 . 2014-06-20 14:56 -------- d-----w- c:\users\Misko\AppData\Local\AVG
2014-06-20 14:53 . 2014-06-20 14:58 -------- d-----w- c:\programdata\AVG
2014-06-20 14:53 . 2014-06-20 15:01 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-20 13:55 . 2014-06-20 13:55 -------- d-----w- c:\users\Misko\AppData\Roaming\TuneUp Software
2014-06-20 13:55 . 2014-06-20 13:55 -------- d-----w- C:\$AVG
2014-06-20 13:52 . 2014-06-20 14:48 -------- d-----w- c:\programdata\MFAData
2014-06-20 13:52 . 2014-06-20 14:10 -------- d-----w- c:\users\Misko\AppData\Local\Avg2014
2014-06-20 13:52 . 2014-06-20 13:52 -------- d--h--w- c:\programdata\Common Files
2014-06-20 13:52 . 2014-06-20 13:52 -------- d-----w- c:\users\Misko\AppData\Local\MFAData
2014-06-19 23:41 . 2014-06-20 13:33 -------- d-----w- C:\AdwCleaner
2014-06-19 21:07 . 2014-06-19 21:07 -------- d-----w- C:\rsit
2014-06-19 21:07 . 2014-06-19 21:07 -------- d-----w- c:\program files\trend micro
2014-06-09 18:49 . 2014-06-09 18:49 -------- d-----w- c:\users\Misko\AppData\Roaming\Injustice
2014-06-07 02:22 . 2014-06-08 17:37 -------- d-----w- c:\users\Misko\.chatty
2014-06-03 21:59 . 2014-06-19 19:47 -------- d-----w- c:\users\Misko\AppData\Local\NCSOFT
2014-06-03 21:59 . 2014-06-03 21:59 -------- d-----w- c:\users\Misko\AppData\Roaming\NCSOFT
2014-06-01 00:23 . 2014-06-01 00:23 -------- d-----w- c:\users\Misko\AppData\Roaming\MotioninJoy
2014-06-01 00:23 . 2014-06-01 00:23 -------- d-----w- c:\program files\MotioninJoy
2014-06-01 00:23 . 2012-05-12 11:31 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2014-06-01 00:23 . 2011-12-07 18:42 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2014-06-01 00:23 . 2011-12-07 18:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2014-06-01 00:23 . 2011-12-07 18:42 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-05-31 04:17 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DB22473-847B-4785-A6C4-06DD9C5C167E}\mpengine.dll
2014-05-25 02:21 . 2014-05-25 02:21 -------- d-----w- c:\users\Misko\AppData\Roaming\Ubisoft
2014-05-25 02:13 . 2014-05-25 02:13 -------- d-----w- c:\programdata\Ubisoft
2014-05-24 11:42 . 2014-05-24 11:42 -------- d-----w- c:\users\Misko\AppData\Local\Ubisoft Game Launcher
2014-05-22 01:46 . 2014-05-22 01:46 -------- d-----w- c:\users\Misko\AppData\Roaming\ATI
2014-05-22 01:46 . 2014-05-22 01:46 -------- d-----w- c:\users\Misko\AppData\Local\ATI
2014-05-22 01:46 . 2014-05-22 01:46 -------- d-----w- c:\programdata\ATI
2014-05-22 01:46 . 2014-05-22 01:46 0 ----a-w- c:\windows\ativpsrm.bin
2014-05-22 01:45 . 2014-05-22 01:45 -------- d-----w- c:\program files (x86)\AMD AVT
2014-05-22 01:45 . 2014-05-22 01:45 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-05-22 01:44 . 2014-05-22 01:44 -------- d-----w- c:\program files\AMD
2014-05-22 01:43 . 2014-05-22 01:43 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-05-22 01:43 . 2014-05-22 01:43 -------- d-----w- c:\program files (x86)\ATI Technologies
2014-05-22 01:42 . 2014-05-22 01:42 -------- d-----w- c:\program files\ATI
2014-05-22 01:40 . 2014-05-22 01:44 -------- d-----w- c:\program files\ATI Technologies
2014-05-22 00:51 . 2014-05-22 00:51 -------- d-----w- c:\programdata\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 16:12 . 2013-10-31 20:07 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-15 16:12 . 2012-03-27 17:55 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-05-13 21:52 . 2011-12-13 23:37 6656 ----a-w- c:\windows\system32\lpcio.dll
2014-05-13 13:20 . 2014-05-13 13:20 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-05-13 13:20 . 2014-05-13 13:20 273176 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-05-13 13:06 . 2014-05-13 13:06 323352 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-05-13 13:05 . 2014-05-13 13:05 191768 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-05-13 13:05 . 2014-05-13 13:05 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-05-13 13:05 . 2014-05-13 13:05 130328 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-05-13 13:04 . 2014-05-13 13:04 236312 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-05-13 13:04 . 2014-05-13 13:04 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-04-18 02:43 . 2014-04-18 02:43 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-04-18 02:42 . 2014-04-18 02:42 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-04-18 02:42 . 2014-04-18 02:42 117584 ----a-w- c:\windows\system32\atiu9p64.dll
2014-04-18 02:42 . 2014-04-18 02:42 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-04-18 02:42 . 2014-04-18 02:42 1343272 ----a-w- c:\windows\system32\aticfx64.dll
2014-04-18 02:42 . 2014-04-18 02:42 1117184 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-04-18 02:42 . 2014-04-18 02:42 10335208 ----a-w- c:\windows\system32\atidxx64.dll
2014-04-18 02:42 . 2014-04-18 02:42 8866928 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-04-18 02:42 . 2014-04-18 02:42 6796592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-04-18 02:42 . 2014-04-18 02:42 6799688 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-04-18 02:42 . 2014-04-18 02:42 7520200 ----a-w- c:\windows\system32\atiumd6a.dll
2014-04-18 02:42 . 2014-04-18 02:42 8010968 ----a-w- c:\windows\system32\atiumd64.dll
2014-04-18 02:39 . 2014-04-18 02:39 274656 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-04-18 02:36 . 2014-04-18 02:36 15376384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-04-18 02:23 . 2014-04-18 02:23 231424 ----a-w- c:\windows\system32\clinfo.exe
2014-04-18 02:22 . 2014-04-18 02:22 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2014-04-18 02:22 . 2014-04-18 02:22 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2014-04-18 02:22 . 2014-04-18 02:22 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2014-04-18 02:22 . 2014-04-18 02:22 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2014-04-18 02:22 . 2014-04-18 02:22 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-04-18 02:22 . 2014-04-18 02:22 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-04-18 02:22 . 2014-04-18 02:22 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-04-18 02:22 . 2014-04-18 02:22 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-04-18 02:22 . 2014-04-18 02:22 28685824 ----a-w- c:\windows\system32\amdocl64.dll
2014-04-18 02:19 . 2014-04-18 02:19 24107520 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-04-18 02:17 . 2014-04-18 02:17 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-04-18 02:17 . 2014-04-18 02:17 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-04-18 02:13 . 2014-04-18 02:13 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-04-18 02:13 . 2014-04-18 02:13 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-04-18 02:12 . 2014-04-18 02:12 27907584 ----a-w- c:\windows\system32\atio6axx.dll
2014-04-18 02:12 . 2014-04-18 02:12 5442048 ----a-w- c:\windows\system32\amdmantle64.dll
2014-04-18 01:58 . 2014-04-18 01:58 4358656 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-04-18 01:51 . 2014-04-18 01:51 23409152 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-04-18 01:46 . 2014-04-18 01:46 368128 ----a-w- c:\windows\system32\atiapfxx.exe
2014-04-18 01:46 . 2014-04-18 01:46 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-04-18 01:46 . 2014-04-18 01:46 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-04-18 01:46 . 2014-04-18 01:46 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-04-18 01:46 . 2014-04-18 01:46 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-04-18 01:46 . 2014-04-18 01:46 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-04-18 01:45 . 2014-04-18 01:45 91136 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-04-18 01:45 . 2014-04-18 01:45 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-04-18 01:42 . 2014-04-18 01:42 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-04-18 01:33 . 2014-04-18 01:33 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-04-18 01:33 . 2014-04-18 01:33 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-04-18 01:30 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-04-18 01:30 . 2014-04-18 01:30 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-04-18 01:29 . 2014-04-18 01:29 586240 ----a-w- c:\windows\system32\atieclxx.exe
2014-04-18 01:29 . 2014-04-18 01:29 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-04-18 01:28 . 2014-04-18 01:28 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-04-18 01:21 . 2014-04-18 01:21 806912 ----a-w- c:\windows\system32\coinst_14.100.dll
2014-04-18 01:09 . 2014-04-18 01:09 1177600 ----a-w- c:\windows\system32\atiadlxx.dll
2014-04-18 01:09 . 2014-04-18 01:09 848896 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-04-18 01:07 . 2014-04-18 01:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-04-18 01:07 . 2014-04-18 01:07 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 638976 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-04-18 01:04 . 2014-04-18 01:04 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-04-17 21:33 . 2014-04-17 21:33 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-04-17 21:28 . 2014-04-17 21:28 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-03-31 08:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2012-07-03 14:41 . 2012-09-01 19:00 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programs\Daemon tools\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="d:\programs\Webcam\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"AVG_UI"="a:\avg\avgui.exe" [2014-05-13 5181456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 AVGIDSAgent;AVGIDSAgent;a:\avg\avgidsagent.exe;a:\avg\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;a:\avg\avgwdsvc.exe;a:\avg\avgwdsvc.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20 15:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 85.91.1.128 85.91.1.130
FF - ProfilePath - c:\users\Misko\AppData\Roaming\Mozilla\Firefox\Profiles\ca65456g.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-20 18:38:50
ComboFix-quarantined-files.txt 2014-06-20 17:38
.
Pre-Run: 32 530 571 264 bytes free
Post-Run: 32 581 525 504 bytes free
.
- - End Of File - - 51F673247EE68879BF0BBBD94EDEEBF4
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware on the PC? Asking for advice

#6 Post by Márty84 »

skazatoN wrote:AVG because I read that it's better than Avast.
:lol: Joke of the year :arcisit:

:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-

Regnull::
[HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate

Reboot::
In the top left, click File.
Click Save As...
Type the name CFScript exactly and save it to the desktop.
Turn off your antivirus and any other security software.
Drag the text file you just created onto the ComboFix icon with the mouse and drop it there.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; paste it here again.

Warning: if Windows does not boot after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration.
Warning: if Windows boots but errors are reported when starting various programs, just restart the PC and it will be fine.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

skazatoN (Visitor; 11 posts; registered 26 Jul 2007 22:36; Slovakia, Martin)

Re: Malware on the PC? Asking for advice

#7 Post by skazatoN

And I checked the PC with AVG and it found a trojan in 4 game cracks. How can I tell whether it is just a false positive? And here is the log from CF

ComboFix 14-06-19.01 - Misko . 06. 2014 22:42:56.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8173.6231 [GMT 1:00]
Running from: c:\users\Misko\Desktop\ComboFix.exe
Command switches used :: c:\users\Misko\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-05-20 to 2014-06-20 )))))))))))))))))))))))))))))))
.
.
2014-06-20 21:47 . 2014-06-20 21:47 -------- d-----w- c:\users\NA\AppData\Local\temp
2014-06-20 21:47 . 2014-06-20 21:47 -------- d-----w- c:\users\Mcx1-MISKO-PC\AppData\Local\temp
2014-06-20 16:06 . 2014-06-20 16:06 -------- d-----w- c:\programdata\RogueKiller
2014-06-20 15:10 . 2014-06-20 15:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-20 15:10 . 2014-06-20 15:10 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-20 14:56 . 2014-06-20 14:56 -------- d-----w- c:\users\Misko\AppData\Roaming\AVG
2014-06-20 14:56 . 2014-06-20 14:56 -------- d-----w- c:\users\Misko\AppData\Local\AVG
2014-06-20 14:53 . 2014-06-20 14:58 -------- d-----w- c:\programdata\AVG
2014-06-20 14:53 . 2014-06-20 15:01 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-20 13:55 . 2014-06-20 13:55 -------- d-----w- c:\users\Misko\AppData\Roaming\TuneUp Software
2014-06-20 13:55 . 2014-06-20 13:55 -------- d-----w- C:\$AVG
2014-06-20 13:52 . 2014-06-20 17:52 -------- d-----w- c:\programdata\MFAData
2014-06-20 13:52 . 2014-06-20 14:10 -------- d-----w- c:\users\Misko\AppData\Local\Avg2014
2014-06-20 13:52 . 2014-06-20 13:52 -------- d--h--w- c:\programdata\Common Files
2014-06-20 13:52 . 2014-06-20 13:52 -------- d-----w- c:\users\Misko\AppData\Local\MFAData
2014-06-19 23:41 . 2014-06-20 13:33 -------- d-----w- C:\AdwCleaner
2014-06-19 21:07 . 2014-06-19 21:07 -------- d-----w- C:\rsit
2014-06-19 21:07 . 2014-06-19 21:07 -------- d-----w- c:\program files\trend micro
2014-06-09 18:49 . 2014-06-09 18:49 -------- d-----w- c:\users\Misko\AppData\Roaming\Injustice
2014-06-07 02:22 . 2014-06-08 17:37 -------- d-----w- c:\users\Misko\.chatty
2014-06-03 21:59 . 2014-06-19 19:47 -------- d-----w- c:\users\Misko\AppData\Local\NCSOFT
2014-06-03 21:59 . 2014-06-03 21:59 -------- d-----w- c:\users\Misko\AppData\Roaming\NCSOFT
2014-06-01 00:23 . 2014-06-01 00:23 -------- d-----w- c:\users\Misko\AppData\Roaming\MotioninJoy
2014-06-01 00:23 . 2014-06-01 00:23 -------- d-----w- c:\program files\MotioninJoy
2014-06-01 00:23 . 2012-05-12 11:31 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2014-06-01 00:23 . 2011-12-07 18:42 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2014-06-01 00:23 . 2011-12-07 18:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2014-06-01 00:23 . 2011-12-07 18:42 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-05-31 04:17 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DB22473-847B-4785-A6C4-06DD9C5C167E}\mpengine.dll
2014-05-25 02:21 . 2014-05-25 02:21 -------- d-----w- c:\users\Misko\AppData\Roaming\Ubisoft
2014-05-25 02:13 . 2014-05-25 02:13 -------- d-----w- c:\programdata\Ubisoft
2014-05-24 11:42 . 2014-05-24 11:42 -------- d-----w- c:\users\Misko\AppData\Local\Ubisoft Game Launcher
2014-05-22 01:46 . 2014-05-22 01:46 -------- d-----w- c:\users\Misko\AppData\Roaming\ATI
2014-05-22 01:46 . 2014-05-22 01:46 -------- d-----w- c:\users\Misko\AppData\Local\ATI
2014-05-22 01:46 . 2014-05-22 01:46 -------- d-----w- c:\programdata\ATI
2014-05-22 01:46 . 2014-05-22 01:46 0 ----a-w- c:\windows\ativpsrm.bin
2014-05-22 01:45 . 2014-05-22 01:45 -------- d-----w- c:\program files (x86)\AMD AVT
2014-05-22 01:45 . 2014-05-22 01:45 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-05-22 01:44 . 2014-05-22 01:44 -------- d-----w- c:\program files\AMD
2014-05-22 01:43 . 2014-05-22 01:43 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-05-22 01:43 . 2014-05-22 01:43 -------- d-----w- c:\program files (x86)\ATI Technologies
2014-05-22 01:42 . 2014-05-22 01:42 -------- d-----w- c:\program files\ATI
2014-05-22 01:40 . 2014-05-22 01:44 -------- d-----w- c:\program files\ATI Technologies
2014-05-22 00:51 . 2014-05-22 00:51 -------- d-----w- c:\programdata\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 16:12 . 2013-10-31 20:07 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-15 16:12 . 2012-03-27 17:55 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-05-13 21:52 . 2011-12-13 23:37 6656 ----a-w- c:\windows\system32\lpcio.dll
2014-05-13 13:20 . 2014-05-13 13:20 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-05-13 13:20 . 2014-05-13 13:20 273176 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-05-13 13:06 . 2014-05-13 13:06 323352 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-05-13 13:05 . 2014-05-13 13:05 191768 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-05-13 13:05 . 2014-05-13 13:05 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-05-13 13:05 . 2014-05-13 13:05 130328 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-05-13 13:04 . 2014-05-13 13:04 236312 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-05-13 13:04 . 2014-05-13 13:04 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-04-18 02:43 . 2014-04-18 02:43 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-04-18 02:42 . 2014-04-18 02:42 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-04-18 02:42 . 2014-04-18 02:42 117584 ----a-w- c:\windows\system32\atiu9p64.dll
2014-04-18 02:42 . 2014-04-18 02:42 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-04-18 02:42 . 2014-04-18 02:42 1343272 ----a-w- c:\windows\system32\aticfx64.dll
2014-04-18 02:42 . 2014-04-18 02:42 1117184 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-04-18 02:42 . 2014-04-18 02:42 10335208 ----a-w- c:\windows\system32\atidxx64.dll
2014-04-18 02:42 . 2014-04-18 02:42 8866928 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-04-18 02:42 . 2014-04-18 02:42 6796592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-04-18 02:42 . 2014-04-18 02:42 6799688 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-04-18 02:42 . 2014-04-18 02:42 7520200 ----a-w- c:\windows\system32\atiumd6a.dll
2014-04-18 02:42 . 2014-04-18 02:42 8010968 ----a-w- c:\windows\system32\atiumd64.dll
2014-04-18 02:39 . 2014-04-18 02:39 274656 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-04-18 02:36 . 2014-04-18 02:36 15376384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-04-18 02:23 . 2014-04-18 02:23 231424 ----a-w- c:\windows\system32\clinfo.exe
2014-04-18 02:22 . 2014-04-18 02:22 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2014-04-18 02:22 . 2014-04-18 02:22 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2014-04-18 02:22 . 2014-04-18 02:22 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2014-04-18 02:22 . 2014-04-18 02:22 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2014-04-18 02:22 . 2014-04-18 02:22 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-04-18 02:22 . 2014-04-18 02:22 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-04-18 02:22 . 2014-04-18 02:22 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-04-18 02:22 . 2014-04-18 02:22 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-04-18 02:22 . 2014-04-18 02:22 28685824 ----a-w- c:\windows\system32\amdocl64.dll
2014-04-18 02:19 . 2014-04-18 02:19 24107520 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-04-18 02:17 . 2014-04-18 02:17 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-04-18 02:17 . 2014-04-18 02:17 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-04-18 02:13 . 2014-04-18 02:13 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-04-18 02:13 . 2014-04-18 02:13 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-04-18 02:12 . 2014-04-18 02:12 27907584 ----a-w- c:\windows\system32\atio6axx.dll
2014-04-18 02:12 . 2014-04-18 02:12 5442048 ----a-w- c:\windows\system32\amdmantle64.dll
2014-04-18 01:58 . 2014-04-18 01:58 4358656 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-04-18 01:51 . 2014-04-18 01:51 23409152 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-04-18 01:46 . 2014-04-18 01:46 368128 ----a-w- c:\windows\system32\atiapfxx.exe
2014-04-18 01:46 . 2014-04-18 01:46 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-04-18 01:46 . 2014-04-18 01:46 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-04-18 01:46 . 2014-04-18 01:46 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-04-18 01:46 . 2014-04-18 01:46 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-04-18 01:46 . 2014-04-18 01:46 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-04-18 01:45 . 2014-04-18 01:45 91136 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-04-18 01:45 . 2014-04-18 01:45 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-04-18 01:42 . 2014-04-18 01:42 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-04-18 01:33 . 2014-04-18 01:33 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-04-18 01:33 . 2014-04-18 01:33 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-04-18 01:30 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-04-18 01:30 . 2014-04-18 01:30 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-04-18 01:29 . 2014-04-18 01:29 586240 ----a-w- c:\windows\system32\atieclxx.exe
2014-04-18 01:29 . 2014-04-18 01:29 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-04-18 01:28 . 2014-04-18 01:28 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-04-18 01:21 . 2014-04-18 01:21 806912 ----a-w- c:\windows\system32\coinst_14.100.dll
2014-04-18 01:09 . 2014-04-18 01:09 1177600 ----a-w- c:\windows\system32\atiadlxx.dll
2014-04-18 01:09 . 2014-04-18 01:09 848896 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-04-18 01:07 . 2014-04-18 01:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-04-18 01:07 . 2014-04-18 01:07 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 638976 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-04-18 01:04 . 2014-04-18 01:04 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-04-17 21:33 . 2014-04-17 21:33 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-04-17 21:28 . 2014-04-17 21:28 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-03-31 08:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2012-07-03 14:41 . 2012-09-01 19:00 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="d:\programs\Webcam\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"AVG_UI"="a:\avg\avgui.exe" [2014-05-13 5181456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x]
R3 ESEADriver2;ESEADriver2;c:\users\Misko\AppData\Local\Temp\ESEADriver2.sys;c:\users\Misko\AppData\Local\Temp\ESEADriver2.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;a:\avg\avgidsagent.exe;a:\avg\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;a:\avg\avgwdsvc.exe;a:\avg\avgwdsvc.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20 15:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 85.91.1.128 85.91.1.130
FF - ProfilePath - c:\users\Misko\AppData\Roaming\Mozilla\Firefox\Profiles\ca65456g.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2014-06-20 22:50:31 - machine was rebooted
ComboFix-quarantined-files.txt 2014-06-20 21:50
ComboFix2.txt 2014-06-20 17:38
.
Pre-Run: 32 793 702 400 bytes free
Post-Run: 32 562 352 128 bytes free
.
- - End Of File - - 530E64636D1FF7C6ED30D84B0E7B60F7
A36C5E4F47E84449FF07ED3517B43A31
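A first triage pass over the log formats pasted in this thread, added here as an example; it is not part of the forum post and not a feature of ComboFix, RSIT or HijackThis. It parses three line shapes that appear above (ComboFix driver/service lines, the quoted values in the Reg Loading Points dump, and HijackThis O23 service lines) and flags what a responder reads first: driver or service images in user-writable directories (the ESEADriver2 entry under the user's Temp folder; ESEA's anti-cheat client is known to load its driver that way, which is exactly why a flag is a prompt to look, not a verdict), Run values that launch a script host such as wscript.exe, where the ComboFix line shows only the host and the real payload is the script argument visible in the RSIT dump, and LoadAppInit_DLLs set to 1. The "(file missing)" suppression encodes a known HijackThis caveat: the 32-bit tool is redirected to SysWOW64 on 64-bit Windows, so native system32 services appear missing without anything being wrong. The pattern lists and the sample lines are this example's assumptions.

```python
"""Autorun/driver triage over ComboFix- and HijackThis-style log lines.

Added example: not part of the forum post and not ComboFix/RSIT/HijackThis code.
Flagged entries are candidates for review, never verdicts.
"""
import re

# Heuristic patterns; the lists below are this example's assumptions.
USER_WRITABLE = re.compile(r"\\(users|programdata|temp)\\", re.I)
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe"}

# ComboFix:  R3 Name;Description;image;image [x]
CF_SERVICE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);([^;]+);")
# ComboFix/RSIT registry dump:  "Name"=value [date size]
REG_VALUE = re.compile(r'^"([^"]+)"=(.+)$')
# HijackThis:  O23 - Service: Name - Owner - image [(file missing)]
HJT_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")


def triage_line(line, x64=True):
    """Return a list of (entry, reason, detail) findings for one log line."""
    line = line.strip()
    findings = []

    m = CF_SERVICE.match(line)
    if m:
        _start, name, _desc, path = m.groups()
        if USER_WRITABLE.search(path):
            # Drivers and services normally live under system32 or Program Files;
            # a .sys in a user's Temp folder is loaded from a location anyone can write.
            findings.append((name, "driver/service image in user-writable directory", path))
        return findings

    m = HJT_O23.match(line)
    if m:
        name, owner, path, missing = m.groups()
        if missing:
            if x64 and SYSTEM32.search(path):
                # 32-bit HijackThis is redirected to SysWOW64, so native system32
                # binaries show as "(file missing)" on x64: not evidence of tampering.
                return findings
            findings.append((name, "service image missing on disk", path))
        if owner == "Unknown owner" and not SYSTEM32.search(path):
            findings.append((name, "service without publisher info outside system32", path))
        if USER_WRITABLE.search(path):
            findings.append((name, "service image in user-writable directory", path))
        return findings

    m = REG_VALUE.match(line)
    if m:
        name, raw = m.groups()
        value = raw.split(" [")[0].strip().strip('"')   # drop the [date size] suffix
        lowered = value.lower()
        if name.lower() == "loadappinit_dlls" and value.startswith("1"):
            findings.append((name, "AppInit_DLLs injection enabled; inspect the AppInit_DLLs value", value))
        if any(host in lowered for host in SCRIPT_HOSTS):
            # The log may show only the host; the script it runs must be read from the registry.
            findings.append((name, "Run entry launches a script host; resolve its argument", value))
        if USER_WRITABLE.search(value):
            findings.append((name, "Run entry image in user-writable directory", value))
        return findings

    return findings


def triage(log_text, x64=True):
    """Triage every line of a pasted log; returns findings in log order."""
    out = []
    for line in log_text.splitlines():
        out.extend(triage_line(line, x64=x64))
    return out


# Constructed sample: lines copied from the ComboFix and HijackThis output posted in this thread.
SAMPLE_LOG = r"""
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x]
R3 ESEADriver2;ESEADriver2;c:\users\Misko\AppData\Local\Temp\ESEADriver2.sys;c:\users\Misko\AppData\Local\Temp\ESEADriver2.sys [x]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"LoadAppInit_DLLs"=1 (0x1)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - C:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

if __name__ == "__main__":
    for entry, reason, detail in triage(SAMPLE_LOG):
        print(f"{entry}: {reason} -> {detail}")
```

Running it on the sample yields four findings (ESEADriver2, IntelTBRunOnce, LoadAppInit_DLLs, EslWireHelper) and none for the Spooler line, because on x64 the missing-file report is the WOW64 artifact; pass x64=False for a 32-bit host and the same line is reported.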

Márty84 (VIP; 21679 posts; registered 05 Dec 2009 20:08; Ostrava)

Re: Malware on the PC? Asking for advice

#8 Post by Márty84

skazatoN wrote: How can I tell whether it is just a false positive?
You can't. Antivirus products often flag cracks as malware, and they often do carry a little "present", so the program (game) works but something else is running in the background as well. And nobody is likely to analyze a crack for you to find out whether that is the case here :)


Post a new RSIT log.

skazatoN (Visitor; 11 posts; registered 26 Jul 2007 22:36; Slovakia, Martin)

Re: Malware on the PC? Asking for advice

#9 Post by skazatoN

Logfile of random's system information tool 1.10 (written by random/random)
Run by Misko at 2014-06-21 14:03:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 31 GB (44%) free of 70 GB
Total RAM: 8173 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:03:23, on 21. 6. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Programs\Webcam\LWS\Webcam Software\LWS.exe
A:\avg\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Misko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [LWS] D:\Programs\Webcam\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_UI] "A:\avg\avgui.exe" /TRAYONLY
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - A:\avg\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - A:\avg\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - C:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XMouseButton Launcher - Highresolution Enterprises - C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe

--
End of file - 5438 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
a:\avg\avgrsa.exe /boot
A:\avg\avgcsrva.exe /pipeName=6d562130-8515-4a45-83eb-d1551bcec93b /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\a619db1e-f655-4d71-a9c3-743b75d82d23-1a0-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="A:\avg\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
A:\avg\avgidsagent.exe
A:\avg\avgwdsvc.exe
"C:\Program Files\EslWire\service\WireHelperSvc.exe"
"A:\avg\avgnsa.exe"
"A:\avg\avgemca.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"D:\Programs\Webcam\LWS\Webcam Software\LWS.exe" -hide
"A:\avg\avgui.exe" /TRAYONLY

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
ctfmon.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
/notportable /svclaunch
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskhost.exe $(Arg0)
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"A:\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Misko\AppData\Roaming\Mozilla\Firefox\Profiles\ca65456g.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.125 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.125 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-28 11905128]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LWS"=D:\Programs\Webcam\LWS\Webcam Software\LWS.exe [2012-09-13 204136]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-04-17 767200]
"AVG_UI"=A:\avg\avgui.exe [2014-05-13 5181456]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-06-20 22:50:33 ----D---- C:\Windows\temp
2014-06-20 22:50:32 ----A---- C:\ComboFix.txt
2014-06-20 22:48:41 ----D---- C:\$RECYCLE.BIN
2014-06-20 18:31:43 ----A---- C:\Windows\zip.exe
2014-06-20 18:31:43 ----A---- C:\Windows\SWSC.exe
2014-06-20 18:31:43 ----A---- C:\Windows\SWREG.exe
2014-06-20 18:31:43 ----A---- C:\Windows\sed.exe
2014-06-20 18:31:43 ----A---- C:\Windows\PEV.exe
2014-06-20 18:31:43 ----A---- C:\Windows\NIRCMD.exe
2014-06-20 18:31:43 ----A---- C:\Windows\MBR.exe
2014-06-20 18:31:43 ----A---- C:\Windows\grep.exe
2014-06-20 18:31:40 ----AD---- C:\Qoobox
2014-06-20 18:31:31 ----D---- C:\Windows\erdnt
2014-06-20 17:06:32 ----D---- C:\ProgramData\RogueKiller
2014-06-20 16:10:15 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-06-20 15:56:27 ----D---- C:\Users\Misko\AppData\Roaming\AVG
2014-06-20 15:53:57 ----D---- C:\ProgramData\AVG
2014-06-20 15:53:34 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-20 14:56:19 ----D---- C:\Users\Misko\AppData\Roaming\AVG2014
2014-06-20 14:55:55 ----D---- C:\Users\Misko\AppData\Roaming\TuneUp Software
2014-06-20 14:55:40 ----D---- C:\ProgramData\AVG2014
2014-06-20 14:55:40 ----D---- C:\$AVG
2014-06-20 14:52:25 ----HD---- C:\ProgramData\Common Files
2014-06-20 14:52:25 ----D---- C:\ProgramData\MFAData
2014-06-20 00:41:50 ----D---- C:\AdwCleaner
2014-06-19 22:07:33 ----D---- C:\rsit
2014-06-19 22:07:33 ----D---- C:\Program Files\trend micro
2014-06-10 17:20:13 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-06-09 19:49:33 ----D---- C:\Users\Misko\AppData\Roaming\Injustice
2014-06-03 22:59:05 ----D---- C:\Users\Misko\AppData\Roaming\NCSOFT
2014-06-01 01:23:45 ----D---- C:\Users\Misko\AppData\Roaming\MotioninJoy
2014-06-01 01:23:42 ----D---- C:\Program Files\MotioninJoy
2014-06-01 01:23:42 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2014-06-01 01:23:42 ----A---- C:\Windows\system32\MijFrc.dll
2014-06-01 01:23:42 ----A---- C:\Windows\system32\drivers\xusb21.sys
2014-06-01 01:23:42 ----A---- C:\Windows\system32\drivers\MijXfilt.sys
2014-05-25 03:21:45 ----D---- C:\Users\Misko\AppData\Roaming\Ubisoft
2014-05-25 03:13:27 ----D---- C:\ProgramData\Ubisoft
2014-05-22 02:46:54 ----D---- C:\Users\Misko\AppData\Roaming\ATI
2014-05-22 02:46:54 ----D---- C:\ProgramData\ATI
2014-05-22 02:45:10 ----D---- C:\Program Files (x86)\AMD AVT
2014-05-22 02:44:08 ----D---- C:\Program Files\AMD
2014-05-22 02:43:51 ----D---- C:\Program Files\Common Files\ATI Technologies
2014-05-22 02:43:38 ----D---- C:\Program Files (x86)\ATI Technologies
2014-05-22 02:42:59 ----D---- C:\Program Files\ATI
2014-05-22 02:40:34 ----D---- C:\Program Files\ATI Technologies
2014-05-22 01:51:05 ----D---- C:\ProgramData\Steam

======List of files/folders modified in the last 1 month======

2014-06-20 23:44:24 ----D---- C:\Windows\Prefetch
2014-06-20 23:36:30 ----D---- C:\Windows\system32\config
2014-06-20 22:50:34 ----D---- C:\Windows\system32\drivers
2014-06-20 22:50:33 ----D---- C:\Windows
2014-06-20 22:48:42 ----A---- C:\Windows\system.ini
2014-06-20 22:48:39 ----D---- C:\Windows\system32\drivers\etc
2014-06-20 22:45:04 ----D---- C:\Windows\SYSWOW64\drivers
2014-06-20 22:45:04 ----D---- C:\Windows\SysWOW64
2014-06-20 22:45:04 ----D---- C:\Windows\AppPatch
2014-06-20 22:45:03 ----D---- C:\Program Files (x86)\Common Files
2014-06-20 21:40:42 ----SHD---- C:\System Volume Information
2014-06-20 17:31:06 ----D---- C:\Windows\System32
2014-06-20 17:31:06 ----D---- C:\Windows\inf
2014-06-20 17:31:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-20 17:06:32 ----D---- C:\ProgramData
2014-06-20 16:10:16 ----D---- C:\Windows\Tasks
2014-06-20 16:10:16 ----D---- C:\Windows\system32\Tasks
2014-06-20 16:07:37 ----SHD---- C:\Windows\Installer
2014-06-20 16:07:22 ----RD---- C:\Program Files (x86)
2014-06-20 01:13:48 ----D---- C:\Users\Misko\AppData\Roaming\Mozilla
2014-06-20 01:08:35 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-20 01:05:18 ----D---- C:\Program Files (x86)\Opera
2014-06-20 01:05:16 ----D---- C:\Users\Misko\AppData\Roaming\Opera Software
2014-06-20 00:49:35 ----A---- C:\Windows\wininit.ini
2014-06-20 00:49:34 ----SD---- C:\ProgramData\Microsoft
2014-06-20 00:49:34 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-06-19 22:54:07 ----D---- C:\ProgramData\Malwarebytes
2014-06-19 22:07:33 ----RD---- C:\Program Files
2014-06-19 21:14:12 ----D---- C:\Users\Misko\AppData\Roaming\DAEMON Tools Lite
2014-06-19 21:14:05 ----D---- C:\Users\Misko\AppData\Roaming\uTorrent
2014-06-19 21:14:05 ----D---- C:\Users\Misko\AppData\Roaming\TS3Client
2014-06-19 21:13:17 ----D---- C:\Windows\Logs
2014-06-19 20:50:40 ----D---- C:\Windows\SYSWOW64\Adobe
2014-06-19 20:39:30 ----D---- C:\ProgramData\Origin
2014-06-18 14:06:19 ----D---- C:\Windows\system32\catroot2
2014-06-18 04:48:50 ----RSD---- C:\Windows\assembly
2014-06-16 03:36:22 ----D---- C:\ProgramData\PMB Files
2014-06-14 04:32:26 ----D---- C:\Users\Misko\AppData\Roaming\Skype
2014-06-11 03:49:49 ----D---- C:\Users\Misko\AppData\Roaming\vlc
2014-06-04 20:47:27 ----D---- C:\Windows\system32\catroot
2014-06-04 20:47:26 ----D---- C:\Windows\system32\DriverStore
2014-05-31 12:33:24 ----D---- C:\ProgramData\Orbit
2014-05-25 03:10:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-05-22 02:56:44 ----D---- C:\Windows\Microsoft.NET
2014-05-22 02:45:11 ----D---- C:\ProgramData\AMD
2014-05-22 02:43:51 ----D---- C:\Program Files\Common Files
2014-05-22 02:43:25 ----D---- C:\ProgramData\Package Cache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-05-13 191768]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-05-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-05-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-05-13 31512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2011-12-14 213888]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-05-13 152344]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-05-13 236312]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-05-13 235800]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-05-13 273176]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-28 283200]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
R2 ESLWireAC;ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys [2012-12-17 160784]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2012-05-30 16168]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-04-18 15376384]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-04-18 638976]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-28 2905832]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
R3 LVUVC64;Logitech HD Webcam C270(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2011-12-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 danewFltr;NewDeathAdder Mouse; C:\Windows\system32\drivers\danew.sys [2010-03-23 12032]
S3 ESEADriver2;ESEADriver2; \??\C:\Users\Misko\AppData\Local\Temp\ESEADriver2.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2011-09-02 42776]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VKbms;Razer Gaming Device; C:\Windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2011-12-07 74960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-04-18 239616]
R2 AVGIDSAgent;AVGIDSAgent; A:\avg\avgidsagent.exe [2014-05-13 3644432]
R2 avgwd;AVG WatchDog; A:\avg\avgwdsvc.exe [2014-05-13 292424]
R2 EslWireHelper;ESL Wire Helper Service; C:\Program Files\EslWire\service\WireHelperSvc.exe [2012-12-17 678416]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-10-31 76888]
R2 XMouseButton Launcher;XMouseButton Launcher; C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-06-23 87040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20 262320]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-09 51648]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-05-29 543424]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-05-30 149544]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------
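
Added example, not part of this thread and not code from RSIT or from the helper: a small Python triage pass over driver and service lines in the format RSIT prints above. It parses the R/S state, the start type, the service name, the image path and the `[date size]` file stamp, then flags entries whose file RSIT did not find at scan time (an empty `[]`), whose binary sits in a user-writable location, or which live outside the Windows and Program Files trees. The six sample lines are copied from the log above; the three heuristics and the `TRUSTED_ROOTS` / `USER_WRITABLE` lists are my assumptions, and a flag is a prompt to look closer, not a verdict (`C:\ComboFix\catchme.sys` is ComboFix's own driver, and the log shows AVG's files installed under `A:\avg`).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# Constructed sample: six driver/service lines copied from the RSIT log above.
SAMPLE_LINES = """\
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\\Windows\\system32\\DRIVERS\\avgrkx64.sys [2014-05-13 31512]
R2 cpuz135;cpuz135; \\??\\C:\\Windows\\system32\\drivers\\cpuz135_x64.sys [2011-09-21 21992]
S3 catchme;catchme; \\??\\C:\\ComboFix\\catchme.sys []
S3 ESEADriver2;ESEADriver2; \\??\\C:\\Users\\Misko\\AppData\\Local\\Temp\\ESEADriver2.sys []
R2 AVGIDSAgent;AVGIDSAgent; A:\\avg\\avgidsagent.exe [2014-05-13 3644432]
S3 pciide;pciide; C:\\Windows\\system32\\drivers\\pciide.sys [2009-07-14 12352]
""".splitlines()

# RSIT line shape: "<R|S><start> <name>;<display name>; <image path> [<date> <size>]"
# (R=running, S=stopped; start 0=boot .. 4=disabled; "[]" means RSIT found no file).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Assumed heuristics (mine, not RSIT's): where drivers/services normally live,
# and path fragments that mean an unprivileged user could have written the file.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    state: str
    start: int
    name: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):  # NT object-manager prefix some drivers register with
        path = path[4:]
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"), path, date, size)


def assess(entry: Entry) -> Entry:
    """Attach human-readable reasons for a closer look; an empty list means nothing stood out."""
    low = entry.path.lower()
    if entry.file_date is None:
        entry.reasons.append("registered but file not found on disk")
    if any(frag in low for frag in USER_WRITABLE):
        entry.reasons.append("binary in a user-writable location")
    if not low.startswith(TRUSTED_ROOTS):
        entry.reasons.append("outside Windows/Program Files (verify install origin)")
    return entry


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map service name -> reasons, for every parsable entry that raised at least one flag."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        assess(entry)
        if entry.reasons:
            flagged[entry.name] = entry.reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}: " + "; ".join(reasons))
```

Run it on a whole RSIT log by reading the file and passing its lines to `triage()`; lines that are not driver/service entries are skipped by the regex. The path-based rules are deliberately loose, since malware dropped into `%TEMP%` and a legitimate tool installed on a spare drive letter both trip them; the value is in surfacing the handful of entries worth checking by hand.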

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware on the PC? Asking for advice

#10 Post by Márty84 »

One more scan and then we start deleting.


Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop.
Right-click it and choose Run as administrator.
Tick the boxes All Users, LOP Check and Purity Check.
Paste the following text into the bottom box:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan.
After the scan two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
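
Added example, not the thread's own code and not OTL itself: a Python stand-in for two parts of the custom scan above, the `/md5start ... /md5stop` list and the `*crack* /s`-style wildcard searches. OTL reports the MD5 of every copy of each listed file it finds, so a helper can compare the copy in System32 with backup copies elsewhere on the drive; a copy that hashes differently from its siblings is a classic lead for a patched system file. The wildcard lines locate cracks and keygens on the drive. The directory tree is constructed in a temp folder so the script runs offline; the file names and patterns are a subset of the script above, the example additionally reports SHA-256 (OTL prints MD5 only), and `MD5_TARGETS`, `NAME_PATTERNS` and all function names are my own.

```python
import fnmatch
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

# Subset of the /md5start list in the OTL script above (assumed critical system files).
MD5_TARGETS = ["atapi.sys", "explorer.exe", "svchost.exe", "userinit.exe", "winlogon.exe"]
# Subset of the wildcard searches in the same script.
NAME_PATTERNS = ["*crack*", "*keygen*", "*AutoKMS*", "*activator*", "*loader*"]


def file_hashes(path: Path) -> Dict[str, object]:
    """MD5 (what OTL prints) plus SHA-256 and size, streamed so large files are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest(), "size": path.stat().st_size}


def hash_targets(root: Path, names: Iterable[str]) -> Dict[str, List[dict]]:
    """Every copy of each target name under root, keyed by lower-cased file name."""
    wanted = {n.lower() for n in names}
    found: Dict[str, List[dict]] = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower() in wanted:
                p = Path(dirpath) / f
                found.setdefault(f.lower(), []).append({"path": str(p), **file_hashes(p)})
    return found


def mismatched_copies(found: Dict[str, List[dict]]) -> List[str]:
    """Target names whose copies do not all share one MD5 (one odd copy is worth a look)."""
    return sorted(n for n, copies in found.items() if len({c["md5"] for c in copies}) > 1)


def search_names(root: Path, patterns: Iterable[str]) -> List[str]:
    """Case-insensitive wildcard match on file and directory names, like OTL's '<pattern> /s'."""
    hits = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            if any(fnmatch.fnmatch(name.lower(), pat.lower()) for pat in patterns):
                hits.append(str(Path(dirpath) / name))
    return sorted(hits)


def build_sample_tree() -> Path:
    """Constructed stand-in for a system drive so the example runs offline (not real files)."""
    root = Path(tempfile.mkdtemp(prefix="otl_demo_"))
    sys32 = root / "Windows" / "System32"
    sxs = root / "Windows" / "winsxs" / "amd64_microsoft-windows-explorer_backup"
    dl = root / "Users" / "demo" / "Downloads" / "Game_Crack_v2"
    for d in (sys32, sxs, dl):
        d.mkdir(parents=True)
    (sys32 / "explorer.exe").write_bytes(b"MZ explorer -- patched bytes")  # differs from backup
    (sxs / "explorer.exe").write_bytes(b"MZ explorer -- original bytes")
    (sys32 / "winlogon.exe").write_bytes(b"MZ winlogon")
    (dl / "keygen.exe").write_bytes(b"MZ keygen")
    (dl / "readme.txt").write_bytes(b"nothing to flag here")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        found = hash_targets(root, MD5_TARGETS)
        for name, copies in sorted(found.items()):
            for c in copies:
                print(f"{name}: {c['md5']}  {c['size']:>8} B  {c['path']}")
        print("copies that disagree:", mismatched_copies(found))
        print("wildcard hits:", search_names(root, NAME_PATTERNS))
    finally:
        shutil.rmtree(root)
```

Point `hash_targets()` and `search_names()` at a real drive root (run elevated, since System32 and other users' profiles are otherwise unreadable) and feed the MD5 values to a vendor database or compare them with a known-clean copy of the same Windows build; a differing copy under WinSxS tells you which one to check first. Wildcard hits on crack or keygen names are a warez-exposure lead, not a malware verdict by themselves.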

skazatoN
Visitor
Posts: 11
Registered: 26 Jul 2007 22:36
Location: Slovakia, Martin

Re: Malware on the PC? Asking for advice

#11 Post by skazatoN »

During the scan it threw some error like "cannot create file c/users/bla bla bla .. cmd.bat", and now it seems to be stuck on "Looking in folder :\..." and nothing is happening. I'll wait and see whether it gets going; if not, I don't know.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware on the PC? Asking for advice

#12 Post by Márty84 »

That happens from time to time, OTL throws that error.

Run it again following the same instructions, but with this modified script

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

skazatoN
Visitor
Posts: 11
Registered: 26 Jul 2007 22:36
Location: Slovakia, Martin

Re: Malware on the PC? Asking for advice

#13 Post by skazatoN »

OTL logfile created on: 22. 6. 2014 13:24:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Misko\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,98 Gb Total Physical Memory | 6,37 Gb Available Physical Memory | 79,85% Memory free
15,96 Gb Paging File | 14,26 Gb Available in Paging File | 89,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 30,05 Gb Free Space | 43,96% Space Free | Partition Type: NTFS
Drive D: | 397,30 Gb Total Space | 79,56 Gb Free Space | 20,03% Space Free | Partition Type: NTFS

Computer Name: MISKO-PC | User Name: Misko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/21 19:24:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Misko\Desktop\OTL.exe
PRC - [2014/06/06 05:38:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- A:\avg\avgidsagent.exe
PRC - [2014/05/13 14:18:32 | 005,181,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- A:\avg\avgui.exe
PRC - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- A:\avg\avgwdsvc.exe
PRC - [2013/10/31 21:07:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- D:\Programs\Webcam\LWS\Webcam Software\LWS.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/06 05:38:45 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- D:\Programs\Webcam\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- D:\Programs\Webcam\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- D:\Programs\Webcam\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- D:\Programs\Webcam\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- D:\Programs\Webcam\LWS\Webcam Software\QTCore4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/04/18 02:29:24 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/12/17 11:39:34 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV:64bit: - [2012/06/23 16:49:24 | 000,087,040 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV:64bit: - [2012/05/30 13:11:34 | 000,149,544 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/06/20 16:10:15 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/29 18:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- A:\avg\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- A:\avg\avgwdsvc.exe -- (avgwd)
SRV - [2013/10/31 21:07:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/13 14:20:26 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/05/13 14:20:06 | 000,273,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/05/13 14:06:06 | 000,323,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/05/13 14:05:40 | 000,191,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/05/13 14:05:08 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/05/13 14:05:06 | 000,130,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/05/13 14:04:56 | 000,236,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/05/13 14:04:30 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/04/18 03:36:46 | 015,376,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/04/18 02:07:06 | 000,638,976 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/12/19 17:45:50 | 000,094,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/17 11:39:26 | 000,160,784 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012/09/21 20:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 20:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/05/30 13:10:50 | 000,016,168 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/03/28 01:34:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/14 01:59:54 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/14 01:59:54 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/09/21 09:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/17 09:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/06/02 09:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 09:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/16 15:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/30 23:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/03/23 15:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 E7 AE 3A 1C 8C CF 01 [binary data]
IE - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/10 17:20:14 | 000,000,000 | ---D | M]

[2014/06/20 01:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Misko\AppData\Roaming\mozilla\Extensions
[2014/06/20 17:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Misko\AppData\Roaming\mozilla\Firefox\Profiles\ca65456g.default\extensions
[2014/06/20 17:30:14 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Misko\AppData\Roaming\mozilla\firefox\profiles\ca65456g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/06/20 01:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/20 01:13:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/06/20 22:48:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] A:\avg\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LWS] D:\Programs\Webcam\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.91.1.128 85.91.1.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4042C56C-3DAD-43DC-8251-26F9BD58168D}: DhcpNameServer = 85.91.1.128 85.91.1.130
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/06/21 19:24:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Misko\Desktop\OTL.exe
[2014/06/20 22:50:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/06/20 22:48:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/06/20 18:31:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/06/20 18:31:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/06/20 18:31:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/06/20 18:31:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/06/20 18:31:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/06/20 18:29:15 | 005,207,168 | R--- | C] (Swearware) -- C:\Users\Misko\Desktop\ComboFix.exe
[2014/06/20 17:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/06/20 16:10:15 | 000,699,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/06/20 16:10:15 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/06/20 15:56:27 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Roaming\AVG
[2014/06/20 15:56:27 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Local\AVG
[2014/06/20 15:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/06/20 15:53:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/06/20 14:56:19 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Roaming\AVG2014
[2014/06/20 14:55:55 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Roaming\TuneUp Software
[2014/06/20 14:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/06/20 14:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/06/20 14:55:40 | 000,000,000 | ---D | C] -- C:\$AVG
[2014/06/20 14:52:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/06/20 14:52:25 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Local\MFAData
[2014/06/20 14:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/06/20 14:52:25 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Local\Avg2014
[2014/06/20 00:41:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/19 22:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/06/19 22:07:33 | 000,000,000 | ---D | C] -- C:\rsit
[2014/06/19 04:32:15 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESEA
[2014/06/15 18:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
[2014/06/10 17:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/09 19:49:33 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Roaming\Injustice
[2014/06/07 03:22:43 | 000,000,000 | ---D | C] -- C:\Users\Misko\.chatty
[2014/06/03 22:59:05 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Roaming\NCSOFT
[2014/06/03 22:59:05 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Local\NCSOFT
[2014/06/01 01:23:45 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Roaming\MotioninJoy
[2014/06/01 01:23:42 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2014/06/01 01:23:42 | 000,328,712 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\MijFrc.dll
[2014/06/01 01:23:42 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2014/06/01 01:23:42 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys
[2014/06/01 01:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2014/06/01 01:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2014/05/25 03:21:45 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Roaming\Ubisoft
[2014/05/25 03:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2014/05/25 01:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
[2014/05/24 12:42:34 | 000,000,000 | ---D | C] -- C:\Users\Misko\AppData\Local\Ubisoft Game Launcher

========== Files - Modified Within 30 Days ==========

[2014/06/22 13:25:52 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/06/22 13:25:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 13:25:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 13:18:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/22 13:18:17 | 2132,705,279 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/22 05:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/21 21:24:49 | 000,007,607 | ---- | M] () -- C:\Users\Misko\AppData\Local\Resmon.ResmonCfg
[2014/06/21 19:24:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Misko\Desktop\OTL.exe
[2014/06/20 22:48:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/20 18:29:34 | 005,207,168 | R--- | M] (Swearware) -- C:\Users\Misko\Desktop\ComboFix.exe
[2014/06/20 17:31:06 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/20 17:31:06 | 000,652,488 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/20 17:31:06 | 000,120,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/20 16:10:15 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/06/20 16:10:15 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/06/20 14:55:55 | 000,000,571 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/20 01:13:37 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/20 00:49:35 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/06/19 23:06:41 | 001,333,465 | ---- | M] () -- C:\Users\Misko\Desktop\AdwCleaner.exe
[2014/06/19 04:32:15 | 000,000,619 | ---- | M] () -- C:\Users\Misko\Desktop\ESEA Client.lnk
[2014/06/18 04:40:18 | 000,000,205 | ---- | M] () -- C:\Users\Misko\Desktop\Counter-Strike Global Offensive.url
[2014/06/15 18:51:44 | 000,000,660 | ---- | M] () -- C:\Users\Public\Desktop\Tomb Raider.lnk
[2014/06/14 04:10:02 | 000,011,659 | ---- | M] () -- C:\Users\Misko\Desktop\tchdwn.jpg
[2014/06/09 14:38:38 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\Injustice Gods Among Us Ultimate Edition.lnk
[2014/06/01 01:27:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2014/05/31 17:32:51 | 000,001,064 | ---- | M] () -- C:\Users\Misko\Desktop\Watch_Dogs - odkaz.lnk
[2014/05/25 01:38:00 | 000,000,725 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of the Storm.lnk

========== Files Created - No Company Name ==========

[2014/06/21 19:27:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/06/20 18:31:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/06/20 18:31:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/06/20 18:31:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/06/20 18:31:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/06/20 18:31:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/06/20 16:10:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/20 14:55:55 | 000,000,571 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/20 14:32:45 | 001,333,465 | ---- | C] () -- C:\Users\Misko\Desktop\AdwCleaner.exe
[2014/06/20 01:13:37 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/20 01:13:37 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/19 04:32:15 | 000,000,619 | ---- | C] () -- C:\Users\Misko\Desktop\ESEA Client.lnk
[2014/06/18 04:40:18 | 000,000,205 | ---- | C] () -- C:\Users\Misko\Desktop\Counter-Strike Global Offensive.url
[2014/06/15 18:51:44 | 000,000,660 | ---- | C] () -- C:\Users\Public\Desktop\Tomb Raider.lnk
[2014/06/14 04:10:02 | 000,011,659 | ---- | C] () -- C:\Users\Misko\Desktop\tchdwn.jpg
[2014/06/09 14:38:38 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\Injustice Gods Among Us Ultimate Edition.lnk
[2014/06/09 14:38:38 | 000,000,775 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Injustice Gods Among Us Ultimate Edition.lnk
[2014/06/01 01:27:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2014/05/31 17:32:34 | 000,001,064 | ---- | C] () -- C:\Users\Misko\Desktop\Watch_Dogs - odkaz.lnk
[2014/05/25 01:38:00 | 000,000,725 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of the Storm.lnk
[2014/05/22 02:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/04/18 03:22:56 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014/04/18 03:22:56 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014/04/18 02:25:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014/04/18 02:25:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/04/17 22:28:30 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014/03/02 23:19:22 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/10/31 21:07:47 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/31 21:07:46 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/10/31 21:07:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/10/31 21:04:57 | 000,007,607 | ---- | C] () -- C:\Users\Misko\AppData\Local\Resmon.ResmonCfg
[2013/08/03 19:37:15 | 000,000,252 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2013/08/03 19:28:14 | 000,000,261 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/09/21 20:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 20:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 20:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/09/01 20:00:15 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012/07/25 13:18:09 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/12/14 01:37:39 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/12/14 01:37:39 | 012,873,216 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/29 18:39:39 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Audacity
[2014/06/20 15:56:27 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\AVG
[2014/06/20 14:56:19 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\AVG2014
[2012/05/28 20:54:16 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\avidemux
[2014/03/02 00:28:15 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Awesomium
[2014/05/02 23:01:15 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Battle.net
[2014/06/19 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\DAEMON Tools Lite
[2012/05/28 21:09:40 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\DVDVideoSoft
[2012/04/16 12:45:08 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Foxit Software
[2012/09/16 01:54:35 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Highresolution Enterprises
[2013/08/17 14:33:11 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\ImgBurn
[2014/06/09 19:49:33 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Injustice
[2012/09/16 01:39:25 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Leadertech
[2012/04/08 12:52:40 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\LolClient
[2012/06/22 00:21:36 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\LolClient2
[2014/06/01 01:23:45 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\MotioninJoy
[2014/06/03 22:59:05 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\NCSOFT
[2013/11/03 00:21:22 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\OBS
[2014/06/20 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Opera Software
[2013/11/20 22:44:55 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Origin
[2012/03/27 19:10:33 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Razer
[2012/03/27 20:12:36 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\SplitMediaLabs
[2014/06/19 21:14:05 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\TS3Client
[2014/06/20 14:55:55 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\TuneUp Software
[2014/05/25 03:21:45 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Ubisoft
[2014/06/21 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\uTorrent
[2012/03/27 22:07:49 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\WeatherWatcher
[2012/08/12 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\NA\AppData\Roaming\Razer

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,556 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014/06/20 16:10:16 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011/12/14 00:26:15 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/12/14 00:26:15 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/12/14 00:26:15 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/12/14 00:26:15 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/12/14 00:26:15 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/12/14 00:26:15 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/12/14 00:26:15 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2011/12/14 00:48:42 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=2992565BB0B713280CB371179E5BB822 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.21725_none_09cec722896e93cf\hal.dll
[2011/12/14 00:48:42 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=ADA53A5963BB7A216A749498F9A114F6 -- C:\Windows\SysNative\hal.dll
[2011/12/14 00:48:42 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=ADA53A5963BB7A216A749498F9A114F6 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17614_none_094ef9f97049bebd\hal.dll
[2010/11/21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/14 00:23:08 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011/12/14 00:23:08 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe
[2011/12/14 00:23:08 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\SysNative\svchost.exe
[2011/12/14 00:23:08 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2011/12/14 00:23:08 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011/12/14 00:23:08 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe
[2011/12/14 00:23:08 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/12/14 00:23:08 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/12/14 00:39:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=0E97949B1DD941B01E79A29ECCFA076B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21732_none_11b6160696356d5c\tcpip.sys
[2011/12/14 00:04:27 | 001,928,064 | ---- | M] (Microsoft Corporation) MD5=4A68EA6B21FB6316E01457DE1A678AA9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21645_none_11ae4512963ad82b\tcpip.sys
[2010/11/21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/12/14 01:18:37 | 001,912,688 | ---- | M] (Microsoft Corporation) MD5=AF74155B307EC132E4738C8149CE50C3 -- C:\Windows\erdnt\cache64\tcpip.sys
[2011/12/14 01:18:37 | 001,912,688 | ---- | M] (Microsoft Corporation) MD5=AF74155B307EC132E4738C8149CE50C3 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/12/14 01:18:37 | 001,912,688 | ---- | M] (Microsoft Corporation) MD5=AF74155B307EC132E4738C8149CE50C3 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21830_none_11b41758963737d5\tcpip.sys
[2011/12/14 00:01:15 | 001,912,688 | ---- | M] (Microsoft Corporation) MD5=FF478FC46658C982C2DDC0E9AADCF45A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21789_none_118708709657aa72\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011/12/14 01:43:42 | 000,391,168 | ---- | M] (Microsoft Corporation) MD5=EC5BD25A41E9B633CB39120DBB0939DC -- C:\Windows\erdnt\cache64\winlogon.exe
[2011/12/14 01:43:42 | 000,391,168 | ---- | M] (Microsoft Corporation) MD5=EC5BD25A41E9B633CB39120DBB0939DC -- C:\Windows\SysNative\winlogon.exe
[2011/12/14 01:43:42 | 000,391,168 | ---- | M] (Microsoft Corporation) MD5=EC5BD25A41E9B633CB39120DBB0939DC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.21820_none_ce63d60904ba56e3\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/03/27 20:10:48 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Adobe
[2014/05/22 02:46:54 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\ATI
[2013/10/29 18:39:39 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Audacity
[2014/06/20 15:56:27 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\AVG
[2014/06/20 14:56:19 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\AVG2014
[2012/05/28 20:54:16 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\avidemux
[2014/03/02 00:28:15 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Awesomium
[2014/05/02 23:01:15 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Battle.net
[2014/06/19 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\DAEMON Tools Lite
[2012/07/25 21:56:55 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\DivX
[2013/01/07 22:25:29 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\dvdcss
[2012/05/28 21:09:40 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\DVDVideoSoft
[2012/04/16 12:45:08 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Foxit Software
[2012/09/16 01:54:35 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Highresolution Enterprises
[2012/03/27 17:36:12 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Identities
[2013/08/17 14:33:11 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\ImgBurn
[2014/06/09 19:49:33 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Injustice
[2012/03/27 17:41:05 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\InstallShield
[2012/09/16 01:39:25 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Leadertech
[2012/09/16 01:38:41 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Logishrd
[2013/04/12 21:01:16 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Logitech
[2012/04/08 12:52:40 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\LolClient
[2012/06/22 00:21:36 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\LolClient2
[2012/03/27 20:10:48 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Macromedia
[2014/01/14 00:10:41 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Malwarebytes
[2010/11/21 16:10:29 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Media Center Programs
[2013/11/03 21:02:55 | 000,000,000 | --SD | M] -- C:\Users\Misko\AppData\Roaming\Microsoft
[2012/07/29 23:25:20 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Microsoft Games
[2013/11/25 19:50:40 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\mIRC
[2014/06/01 01:23:45 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\MotioninJoy
[2014/06/20 01:13:48 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Mozilla
[2014/06/03 22:59:05 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\NCSOFT
[2013/11/03 00:21:22 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\OBS
[2014/06/20 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Opera Software
[2013/11/20 22:44:55 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Origin
[2012/03/27 19:10:33 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Razer
[2012/03/29 02:26:21 | 000,000,000 | RH-D | M] -- C:\Users\Misko\AppData\Roaming\SecuROM
[2014/06/14 04:32:26 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Skype
[2012/03/27 20:12:36 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\SplitMediaLabs
[2014/06/19 21:14:05 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\TS3Client
[2014/06/20 14:55:55 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\TuneUp Software
[2014/05/25 03:21:45 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Ubisoft
[2014/06/21 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\uTorrent
[2013/08/03 19:38:38 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\Ventrilo
[2014/06/11 03:49:49 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\vlc
[2012/03/27 22:07:49 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\WeatherWatcher
[2012/03/29 02:14:15 | 000,000,000 | ---D | M] -- C:\Users\Misko\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2013/01/17 15:51:26 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Misko\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2014/05/02 23:31:29 | 000,155,648 | ---- | M] (obsproject.com) -- C:\Users\Misko\AppData\Roaming\OBS\updates\updater.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014/06/22 05:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014/06/20 16:10:15 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014/06/20 16:10:15 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl

< %SYSTEMDRIVE%\*.exe >

< >

< *crack* /s >
[2012/07/25 15:16:18 | 011,291,838 | ---- | M] () -- \Users\Misko\Music\Flux Pavilion - Plux Favilion [2011][v2]\Flux Pavilion - Cracks.mp3

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2013/05/30 00:13:38 | 000,000,194 | ---- | M] () -- \Program Files (x86)\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2011/03/19 22:13:33 | 000,169,384 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6 Standalone\cstrike\models\qloader.mdl
[2011/03/19 22:09:50 | 000,352,548 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6 Standalone\valve\models\loader.mdl
[2011/03/19 22:09:55 | 000,012,764 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6 Standalone\valve\sound\ambience\loader_hydra1.wav
[2011/03/19 22:09:55 | 000,012,164 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6 Standalone\valve\sound\ambience\loader_step1.wav
[2010/02/22 12:24:38 | 000,071,008 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2010/02/22 12:36:12 | 000,073,568 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2012/02/27 22:58:46 | 000,008,787 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderLargeBlue.gif
[2012/02/27 22:58:46 | 000,008,787 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderLargeGrey.gif
[2012/02/27 22:58:46 | 000,001,737 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderSmallBlue.gif
[2012/02/27 22:58:46 | 000,001,737 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderSmallGold.gif
[2012/10/26 18:04:12 | 000,329,056 | ---- | M] () -- \Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2_loader.dll
[2012/10/26 18:01:02 | 000,293,376 | ---- | M] () -- \Program Files (x86)\Ubisoft\Ubisoft Game Launcher\uplay_r1_loader.dll
[2012/12/04 17:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/12/04 17:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012/12/04 17:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012/12/04 17:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/12/04 17:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012/12/04 17:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2014/03/03 01:43:38 | 000,030,595 | ---- | M] () -- \Users\Misko\Documents\StarCraft II\Accounts\113558682\1-S2-1-4161750\Replays\Unsaved\Multiplayer\Unit Preloader.SC2Replay
[2011/12/14 00:37:39 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011/12/14 00:37:39 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009/07/14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/14 01:39:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/14 01:39:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21824_none_6956c610ab953386\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/14 00:37:39 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21831_none_6948f546aba00372\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/14 00:28:38 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_d5134ed413e8a2b1.manifest
[2011/12/14 00:28:38 | 000,033,152 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_d5134ed413e8a2b1_winload.efi.mui_35ee487d
[2011/12/14 00:28:38 | 000,033,152 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_d5134ed413e8a2b1_winload.exe.mui_3bc5b827
[2011/12/14 00:28:38 | 000,030,080 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_d5134ed413e8a2b1_winresume.efi.mui_f412814e
[2011/12/14 00:28:38 | 000,030,080 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_d5134ed413e8a2b1_winresume.exe.mui_ff8b5358
[2011/12/14 00:28:39 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_b9967d2e9c93cb50.manifest
[2011/12/14 00:28:39 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_b9967d2e9c93cb50_winload.efi_75834aa0
[2011/12/14 00:28:39 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_b9967d2e9c93cb50_winload.exe_75835076
[2011/12/14 00:28:39 | 000,567,232 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_b9967d2e9c93cb50_winresume.efi_85cd069f
[2011/12/14 00:28:39 | 000,519,696 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_b9967d2e9c93cb50_winresume.exe_85cd1215
[2009/07/14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2010/11/21 15:59:29 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2011/12/14 00:28:27 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_en-us_d5134ed413e8a2b1.manifest
[2010/11/21 04:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011/12/14 00:20:26 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011/12/14 00:20:26 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2011/12/14 00:28:27 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_b9967d2e9c93cb50.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_9fafda64680afbaf.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_da-dk_3ce9ba8b5e50f7ae.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_el-gr_e2ab7d5a4f3cb4d6.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_fi-fi_81ec875144463bdc.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_hu-hu_ccf978eb265e2f30.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_ko-kr_b5404aabfebc1e83.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_nb-no_9dd2cbe0d6e14a3f.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pl-pl_e24e71a0bd2fc1c8.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pt-br_e4a25c44bbb955ac.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pt-pt_e5842bb0bb28c588.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_ru-ru_2c273d74a00a53b4.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_sv-se_c82227e997335e0f.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_tr-tr_712f723085ef6000.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-cn_428c902e3627321f.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-hk_413788bc3702a4af.manifest
[2011/12/14 00:28:27 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-tw_4688cd8433980e8f.manifest
[2009/07/14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/14 01:39:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/14 01:39:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21824_none_0d382a8cf337c250\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/14 00:37:39 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21831_none_0d2a59c2f342923c\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2012/03/29 05:01:00 | 000,413,696 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.dll
[2012/10/25 18:49:09 | 001,186,816 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.ni.dll
[2011/12/14 01:54:17 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011/12/14 01:54:17 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2011/12/14 01:54:17 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012/03/27 18:37:02 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6b714edb5f4f5a71bb3f4ce9b30ea1a3\System.Runtime.Serialization.ni.dll
[2012/03/27 17:38:06 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d7b3b8ccc330ab387ec652ade6bda128\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012/03/27 18:36:08 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\3878c0540bef43de84461142e35abc78\System.Runtime.Serialization.ni.dll
[2012/03/27 17:39:46 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\c5d43ef7812034bf0b4004f78c7a9233\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/11/03 21:25:11 | 000,304,640 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\873837befa260d32cd0b3ce811b96efb\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/11/03 21:25:11 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\873837befa260d32cd0b3ce811b96efb\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2013/11/03 21:25:16 | 002,785,280 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll
[2013/11/03 21:25:16 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll.aux
[2013/11/04 19:30:24 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\15ecbb8a1ddca366bda70718005521a1\System.Xml.Serialization.ni.dll
[2013/11/04 19:30:24 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\15ecbb8a1ddca366bda70718005521a1\System.Xml.Serialization.ni.dll.aux
[2013/11/04 19:31:58 | 000,373,248 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\cab4c46773a123bd72b938cc405aed46\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/11/04 19:31:58 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\cab4c46773a123bd72b938cc405aed46\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2013/11/04 19:33:04 | 003,599,872 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\9ffb83b70cc1fa28d2fd02956cf0c831\System.Runtime.Serialization.ni.dll
[2013/11/04 19:33:04 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\9ffb83b70cc1fa28d2fd02956cf0c831\System.Runtime.Serialization.ni.dll.aux
[2013/11/04 19:36:08 | 000,028,672 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\b2db45296eabfd00db1920158f3f5eb5\System.Xml.Serialization.ni.dll
[2013/11/04 19:36:08 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\b2db45296eabfd00db1920158f3f5eb5\System.Xml.Serialization.ni.dll.aux
[2012/07/09 01:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/09 01:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2012/07/09 01:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2012/07/09 01:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2012/07/09 01:40:08 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012/07/09 01:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2012/07/09 01:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011/12/14 01:54:17 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2012/07/09 01:40:08 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2012/07/09 01:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/09 01:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012/07/09 01:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012/07/09 01:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012/07/09 01:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2012/07/09 01:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/06/10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011/12/14 01:54:17 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2012/07/09 01:40:08 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2012/07/09 01:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/09 01:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012/07/09 01:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012/07/09 01:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012/07/09 01:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2012/07/09 01:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/06/10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2010/11/21 16:00:02 | 000,005,120 | ---- | M] () -- \Windows\System32\sk-SK\serialui.dll.mui
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2010/11/21 16:00:02 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\sk-SK\serialui.dll.mui
[2010/11/21 16:00:00 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_d5f23af62a751552\serialui.dll.mui
[2009/07/14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010/11/21 16:00:06 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009/07/14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009/06/10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010/11/21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2011/12/14 01:29:02 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.21812_none_424b46668e8b2488\System.Runtime.Serialization.dll
[2011/12/14 01:54:17 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.21864_none_42501a488e86d67d\System.Runtime.Serialization.dll
[2010/11/21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2011/12/14 01:29:02 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21812_none_7d225330e2831f21\System.Runtime.Serialization.dll
[2011/12/14 01:54:17 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21864_none_7d272712e27ed116\System.Runtime.Serialization.dll
[2011/12/14 00:20:35 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011/12/14 00:20:35 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2010/11/21 16:00:28 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_d5f23af62a751552_serialui.dll.mui_7d29d2a3
[2009/07/14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2010/11/21 16:00:28 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c_serialui.dll.mui_7d29d2a3
[2009/07/14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011/12/14 00:20:26 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011/12/14 00:20:26 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009/07/14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010/11/21 04:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2011/12/14 01:28:53 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.21812_none_424b46668e8b2488.manifest
[2011/12/14 01:54:10 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.21864_none_42501a488e86d67d.manifest
[2010/11/21 04:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2011/12/14 01:28:53 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21812_none_7d225330e2831f21.manifest
[2011/12/14 01:54:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21864_none_7d272712e27ed116.manifest
[2010/11/21 04:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2011/12/14 01:28:53 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21812_none_8fb1a8a08e81acb2.manifest
[2011/12/14 01:54:10 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21864_none_8fb67c828e7d5ea7.manifest
[2010/11/21 15:59:36 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2011/12/14 01:28:53 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21812_en-us_7879696fd97917de.manifest
[2011/12/14 01:54:10 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21864_en-us_787e3d51d974c9d3.manifest
[2010/11/21 04:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2011/12/14 01:28:53 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21812_none_bff4de3ab628ade5.manifest
[2011/12/14 01:54:10 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21864_none_bff9b21cb6245fda.manifest
[2010/11/21 04:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2011/12/14 01:28:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21812_none_c4cf8a07f6ff4827.manifest
[2011/12/14 01:54:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21864_none_c4d45de9f6fafa1c.manifest
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2011/12/14 01:29:02 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21812_none_8fb1a8a08e81acb2\System.Runtime.Serialization.dll
[2011/12/14 01:54:17 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21864_none_8fb67c828e7d5ea7\System.Runtime.Serialization.dll
[2010/11/21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2011/12/14 01:29:02 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21812_none_bff4de3ab628ade5\System.Runtime.Serialization.dll
[2011/12/14 01:54:17 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21864_none_bff9b21cb6245fda\System.Runtime.Serialization.dll
[2010/11/21 16:00:02 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c\serialui.dll.mui
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010/11/21 04:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2011/12/14 01:29:02 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21812_none_c4cf8a07f6ff4827\System.Runtime.Serialization.dll
[2011/12/14 01:54:17 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21864_none_c4d45de9f6fafa1c\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

Re: Malware in PC? Asking for advice

#14 Post by skazatoN »

OTL Extras logfile created on: 22. 6. 2014 13:24:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Misko\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,98 Gb Total Physical Memory | 6,37 Gb Available Physical Memory | 79,85% Memory free
15,96 Gb Paging File | 14,26 Gb Available in Paging File | 89,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,36 Gb Total Space | 30,05 Gb Free Space | 43,96% Space Free | Partition Type: NTFS
Drive D: | 397,30 Gb Total Space | 79,56 Gb Free Space | 20,03% Space Free | Partition Type: NTFS

Computer Name: MISKO-PC | User Name: Misko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0483E152-437D-44E9-A925-ED325A259E42}" = lport=138 | protocol=17 | dir=in | app=system |
"{07B35171-F66D-49C9-B19F-AFDE3BBF5271}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07EBA0EC-9D00-47C7-9215-5165CEED2F6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0A745DC6-7C76-4A07-B6CC-1F0CCFFEB4CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0CF4F0A2-52DF-4234-9575-B586924F5E1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D86C55A-1A2E-4868-910C-5C6AB11ACB26}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1209D85C-3654-4CF0-B9C1-E8606268925D}" = rport=137 | protocol=17 | dir=out | app=system |
"{13C4B37B-53EB-45AD-BFC1-926CDE60ABA2}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26BFB9D9-DAA9-43B7-8AE4-655D25543F1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{278D8437-90E4-42E9-8649-927B531C849C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BF7EFED-675A-4E43-AC61-F779BD116FA5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C47E638-563B-4DA0-968F-8F2BF5517006}" = lport=10244 | protocol=6 | dir=in | app=system |
"{32247E45-914A-4D37-B715-BABB77B52092}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F7EC669-DF1C-4C1A-BC8D-9E2AA46D8947}" = lport=3390 | protocol=6 | dir=in | app=system |
"{400690E8-05D7-47B1-8D3B-1E84184E359E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{414B0A20-B088-4578-B8C7-CD4CDCDE76BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{458427B7-FBEE-407D-A756-3A43BF79EAC4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{51E475FF-EBA2-4929-A080-B5D863958A1A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{538AE1F9-0B67-4BA0-8495-62C86C7124E9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5579EF59-F668-4F1D-9E8B-90BF1204433E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{56E28584-42CA-4956-9D29-7AC8D3C3EC2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67093AA7-1526-45BF-93B9-3059518FF56D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{718A6CEC-E2CB-4776-AC8C-361CF70BFE09}" = lport=139 | protocol=6 | dir=in | app=system |
"{72F1F532-B77D-493E-A7B3-645B3EE972E9}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7FE3AF1A-31D5-4888-9053-F9058FA07A91}" = rport=445 | protocol=6 | dir=out | app=system |
"{88F5775C-6B67-4933-971F-0796C1E13560}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A130A8A-1C73-482C-862B-8792F03CA371}" = rport=138 | protocol=17 | dir=out | app=system |
"{8A2B91F8-EC96-4071-BDEF-1A24ACB4E217}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90771DE5-8DBF-49EA-B37A-48974AE16839}" = lport=137 | protocol=17 | dir=in | app=system |
"{A6BDC4CF-EC77-4B97-98C2-28634BBF18CB}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AE84DCF2-F315-43C3-A52F-256272109711}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B7CE5C87-9BC9-4E59-BD42-09B336A33A7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD27A899-93CB-48CC-9441-CDF7F87949FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C673B387-D30E-4CA2-B681-1D9CA473E1BE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C9B6E8D0-8BA5-4CD3-A214-A913F7F61DAA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CD8C3A35-22D0-4241-9B73-03DFF0A258E8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1BA7F52-630F-4672-BEE4-920E1D280588}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D606017A-68D7-4FDF-90D8-9AE766D1BFEC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8821CC6-DAEA-4B6B-8881-B91CD13A7AF4}" = rport=139 | protocol=6 | dir=out | app=system |
"{DB49B5A0-2179-4239-971D-ED3875F1A4A1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DF41DB1F-F889-442A-A564-5C20BC7FF733}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E402D2C2-CC7A-4D93-874D-D6EDA9DD4B05}" = lport=445 | protocol=6 | dir=in | app=system |
"{E7172EDE-D2C1-401A-A6E4-57D49FB0263D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{ED747D7A-8DF3-4363-9CCE-2D4412CB3354}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4A37655-2F25-408F-8E31-FF686E6FB106}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FEE5561C-A82A-4FC0-AB5D-51565A4613E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DDDF48-B0BC-45EF-804E-921571FD98EB}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{05F07747-4501-4E9D-8A58-4FBBF7E70B0E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{06419E2F-8235-40B3-925A-0278F0632B64}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{06D3AD33-DAAE-4AC0-A8C4-731E9D708AB2}" = protocol=6 | dir=in | app=d:\games\crysis\bin64\crysisdedicatedserver.exe |
"{0BFEDF68-C050-4A43-A0E7-3245315E5D48}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0E46FC08-6119-4EA7-A019-C65E25F4E994}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{102A5A6A-89B6-46F2-A94E-8C27AA623971}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe |
"{10F5D7EF-23C9-4AA4-9A6F-35CA117FF8C7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dota 2 beta\dota.exe |
"{11DCC622-1D9E-47D5-A7CC-30B5C091194E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{15DC6AC2-D8AE-4B04-B282-529B185A131A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{1645B0EC-4ED2-43DF-A6BB-66821391FA02}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2\arma2.exe |
"{18A643C9-730A-494E-8A31-039C9C8DF094}" = protocol=6 | dir=in | app=a:\hry\fifa 14\game\fifa14.exe |
"{18ED3C18-BA3A-4E66-9DED-C23D658FFDDA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1A324B56-FD76-4D7B-A3E8-E452454123B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D4D12D1-0262-4916-92B6-7F06CBB43813}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1E1A0EE6-9407-473A-9673-C25D69A7006F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1E50D7EB-B77D-4A6A-969A-EB72ED923128}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1F097CFA-D712-4EB2-9E01-18767A0DF51F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1F134A77-B967-4EFB-88C8-7573E68B3D36}" = protocol=6 | dir=in | app=d:\programs\ventrilo 3.8\ventrilo.exe |
"{1F5F5871-A9FE-4D6E-BE90-3A7678F439A1}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{220122FB-27C2-4E90-82D6-2F20A8FF5106}" = protocol=6 | dir=in | app=d:\games\max payne 3\playmaxpayne3.exe |
"{23CFA334-9CB1-4E73-8231-CC1DCD71BDC4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{24FE96C3-3F6A-4FD7-A963-C7161B46F6F7}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{27E14EFC-EFFA-4239-BD7D-CDC09C7859BC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{29320FA2-7EBD-4230-A3B7-10A07C092128}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{2A48E598-6B17-4226-91EB-E0633E61DF61}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2B411977-C333-4A9D-BF67-3D5DF16F2843}" = protocol=6 | dir=in | app=d:\games\battle.net\battle.net.exe |
"{2BC514A7-14C0-4F81-A031-5DE09D000364}" = protocol=6 | dir=in | app=a:\hry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{2D1B9DE3-1367-4DCE-8F07-B2A3AC80F771}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2D6F6CA1-AFDC-4985-B2AE-9A51FD8AA4C2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe |
"{2DEAF5D1-37A9-49CB-A73E-A6D17DE1C1FF}" = protocol=17 | dir=in | app=d:\programs\utorrent\utorrent.exe |
"{2E904DF2-53CC-431E-ADA1-66818710572A}" = protocol=17 | dir=in | app=a:\avg\avgnsa.exe |
"{2F119DC4-534D-4B79-8130-93516FFACB3D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2\arma2.exe |
"{3013F5C3-D616-43C4-8907-4C07B46912C1}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{316E58F2-3EBD-403D-BDF4-E39D843695B3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{32B8894F-1A87-40D9-AD93-DF5E9C29E41C}" = protocol=17 | dir=in | app=a:\hry\steam\steamapps\common\team fortress 2\hl2.exe |
"{3327BA67-D684-4361-9995-3B1C3D81F758}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{33A6F26E-8A99-4AD5-BD27-C591583E600F}" = protocol=17 | dir=in | app=a:\hry\wd\bin\watch_dogs.exe |
"{384FF1A9-5A09-4C89-972A-320ED739F250}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{3957CAC1-7F56-4F8E-8DC6-F6C544809E4A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{3BC5B29F-0767-455B-8601-56F3D1649E05}" = protocol=17 | dir=in | app=a:\hry\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{3D2B6FAF-9804-47CD-A9D4-D25F054D04ED}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\skazaton\counter-strike source\hl2.exe |
"{3D92B898-F733-4725-93AE-10F3560C7CED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E1F2EE7-B887-467B-8BFC-39F17DE97EC5}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{43AB29C2-906A-4941-90AA-5EFECAC6529A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46BB985C-0940-40EA-97F8-4421D60F0D4D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{489EF8FE-B63A-4008-8C3E-C0C7EC958E02}" = protocol=6 | dir=in | app=d:\games\crysis\bin32\crysis.exe |
"{4A716036-2094-4215-A082-E7EF1CAACB1E}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{4ADA5BA7-1988-403B-BCF3-02A61568CCFF}" = protocol=6 | dir=in | app=a:\hry\steam\steamapps\common\metro 2033\metro2033.exe |
"{4B84A0F0-7EB5-493B-8C96-C988ED337E31}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BB1237F-D24B-4367-90E0-351044D018CC}" = protocol=6 | dir=in | app=a:\hry\steam\steamapps\common\team fortress 2\hl2.exe |
"{4DE3C89F-557B-4A98-87C1-0B1AC6C72F92}" = protocol=17 | dir=in | app=d:\programs\vt2\ventrilo.exe |
"{4DE7302B-1DD0-4702-BA9D-51A12F00045F}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{53B5D277-5DE2-41DD-A7C1-6612CB99CE5E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{54731184-993F-4E08-A117-BF7940CE4D76}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{5550051C-BE5A-48B1-9C2D-DA0FF6590E31}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{57805A02-F91D-40E3-AB46-02CC5A21C6F1}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe |
"{579E7009-0406-411C-AA76-D16DF34A6F6F}" = protocol=17 | dir=in | app=a:\hry\assasins creed 1\assassinscreed_dx9.exe |
"{57F34C80-6B90-435B-9673-9EBACDAE25B9}" = protocol=17 | dir=in | app=d:\games\crysis\bin64\crysis.exe |
"{583497F5-F397-4D96-A95F-1D43A30D4B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5CB7DD9E-1C18-4C38-A737-76B80CA566D7}" = protocol=17 | dir=in | app=d:\games\hearthstone\hearthstone.exe |
"{5CBD4E7A-5684-4E85-AD3A-3817956610FA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5EFCAC40-F113-4EF2-816A-ED4BF1385288}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5F11580F-F09C-4572-B8F4-5C98D2000AF6}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dota 2 beta\dota.exe |
"{616D8E0C-009A-4C21-AFC1-D737060F8643}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{6294B127-0334-4ED1-9971-1E92E426F2FD}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{648DAB11-C882-4672-96B7-FD24CEC27DC7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{66E61458-0669-41D5-86D7-14694D168F17}" = protocol=17 | dir=in | app=a:\hry\assasins creed 1\assassinscreed_dx10.exe |
"{68705D75-62F3-40F0-B408-9815744BC68A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{6B012186-94CA-4EF8-8F49-26E80BF2EE18}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{70D5D439-58B6-4DB9-9F4D-E6172E6B0682}" = protocol=17 | dir=in | app=d:\games\battle.net\battle.net.exe |
"{7183CF83-C5BA-4CE9-A498-24F65C104331}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{71B7A922-D35E-4DDB-B1F6-EA221F9BB3A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73F802AE-11E1-4099-B47C-29511535CB6C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{755C5A93-DC8A-487F-8979-924CED791183}" = protocol=6 | dir=in | app=a:\hry\assasins creed 1\assassinscreed_launcher.exe |
"{756CFD3D-40BA-475F-A620-82A1C06CEF62}" = protocol=6 | dir=in | app=a:\hry\starcraft ii\starcraft ii.exe |
"{75C46926-CE81-49FE-9BEA-70F74AA37C1B}" = protocol=17 | dir=in | app=d:\games\battlefield 4\battlefield 4\bf4.exe |
"{77744D80-B35D-4D54-9985-C29AABFC20A0}" = protocol=17 | dir=in | app=a:\hry\starcraft ii\starcraft ii.exe |
"{77BF0736-5053-4A25-865D-817A6B7F77CF}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{79ACBCFD-41FA-40FE-83B7-22192C57F819}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{7A076FB2-E78D-4107-B9D2-8FA6F7FF7D92}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{7A19C79A-B006-4809-98C3-26D4D49EC001}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{7BACE0E9-FBB9-4C0E-A009-4DC96DF6BE9B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{7D5A88AB-EAE8-46DB-BF34-AA48C8012681}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7F957609-8F74-4D15-87EE-97C748009B9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8010E543-1CBF-4C9F-AB7C-F989DE397C44}" = protocol=6 | dir=in | app=d:\games\crysis\bin32\crysisdedicatedserver.exe |
"{81F98BEF-9F42-4FEA-B916-42966DC71EAC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8245F07A-5866-4C4F-AAE2-99320A69ADF4}" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
"{8317F3EA-2DFD-49AD-9BE5-CE41C8C9D3C9}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{85733B99-3F7C-43A8-ABB9-2A96D99CEE6F}" = protocol=6 | dir=in | app=d:\games\hearthstone\hearthstone.exe |
"{8942094E-14F2-4704-B1D9-3366AFD164A4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8A1D7D6E-33CD-4C15-AD74-517CF88EFD8A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{8A66F1FA-C43D-4246-BB84-1111236B8C39}" = protocol=6 | dir=in | app=a:\hry\titanfall\titanfall.exe |
"{8AE25A05-632B-4C40-9CBE-46099BEF969B}" = protocol=6 | dir=in | app=a:\avg\avgdiagex.exe |
"{8AF96A15-19FA-4319-AF37-65F4FE077BDC}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{8C138480-5EA3-4224-8CDB-789CB889ADDE}" = protocol=6 | dir=in | app=a:\avg\avgemca.exe |
"{8DED8ED4-664D-40D1-9A23-A6249D8B108C}" = protocol=6 | dir=in | app=a:\avg\avgmfapx.exe |
"{8E0B1EE7-26F0-45E5-895E-0CE658C1394E}" = protocol=17 | dir=in | app=a:\hry\assasins creed 1\assassinscreed_launcher.exe |
"{900FF686-E438-4D18-BE7D-1C6777161D01}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2\arma2.exe |
"{912F3A99-9B6C-4133-A6ED-F78C4437934E}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe |
"{9701ADAC-9303-4B35-8D87-9B98A2F7F288}" = protocol=17 | dir=in | app=a:\hry\titanfall\titanfall.exe |
"{97D514A6-C317-4847-B3FC-F708AA15C27D}" = protocol=17 | dir=in | app=a:\hry\fifa 14\game\fifa14.exe |
"{9815A1FE-AAA8-443F-83EC-F66A5D2A2885}" = protocol=17 | dir=in | app=d:\games\battlefield 4\battlefield 4\bf4_x86.exe |
"{99D43D97-9C28-46BE-AF2E-E2E362AA165C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9A953D94-8FE8-49B3-80EB-A095BE2EE847}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B2C297F-009A-4C6F-AF27-92D73E20961D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9BF7091A-A37A-4375-8714-C0C350771F2D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{9C6F3AF6-BFC2-4F74-A992-42DAD235CC9F}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe |
"{9C9A342E-669A-4BF5-8E13-A53AF1FB4310}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dota 2 beta\dota.exe |
"{9E1CD6F2-C79B-4F69-9407-89D959BEA3E3}" = protocol=6 | dir=in | app=d:\games\battlefield 4\battlefield 4\bf4.exe |
"{A015024E-D300-4CCE-8756-7895C24FEB6F}" = protocol=17 | dir=in | app=d:\programs\ventrilo 3.8\ventrilo.exe |
"{A1D6CA91-CDAA-40B1-A17B-665EA0839218}" = protocol=17 | dir=in | app=a:\avg\avgdiagex.exe |
"{A3580869-5FF9-46F8-AD63-E89B60F76D0E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe |
"{A3B01004-089F-49E7-8028-60D0298CF693}" = protocol=6 | dir=in | app=a:\hry\assasins creed 1\assassinscreed_dx10.exe |
"{A83BE1F1-D11C-479E-9417-693EF916FD7E}" = protocol=6 | dir=in | app=d:\programs\vt2\ventrilo.exe |
"{A8C6EBC2-2948-4F62-94B3-7DE47EA8CE08}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe |
"{AA68DCE6-B2D9-4142-947E-E0AA33582991}" = protocol=6 | dir=in | app=d:\games\crysis\bin64\crysis.exe |
"{AE578E95-7ACD-40AB-A8FB-19E2775C671B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2\arma2.exe |
"{AEDE057E-E13E-41AE-A903-5B454553AD0A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AEF79A4F-F115-4C03-AFC2-BA3BA3E4FCDA}" = protocol=6 | dir=in | app=a:\hry\heroes of the storm\support\heroesswitcher.exe |
"{B1812678-D52C-455B-98A1-4C9BD1E3B086}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B5BB6CB7-0C5A-4FBE-935A-C75039F14ACD}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{B7A6E83F-6F99-492D-B2B2-643A7FDF1C5A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{BB065540-8AF7-434B-B0C9-909351F99068}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BBC9D1B2-E370-4BFD-814D-9321A03A0901}" = protocol=17 | dir=in | app=a:\avg\avgmfapx.exe |
"{BC3F18AC-71BB-455F-ACD9-8830529A7BFE}" = protocol=58 | dir=in | app=system |
"{BCBE4C05-67AF-4AB4-A3C6-DE13F2F41C55}" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
"{BD214196-B410-4155-AADD-ADEBB1A40C7D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{BF1A3076-7FE6-4693-B650-712750816DDF}" = protocol=6 | dir=in | app=d:\games\battlefield 4\battlefield 4\bf4_x86.exe |
"{C0AF3A80-0A6D-4886-8D64-7659CE9DB2B6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C1228D4E-B551-4399-A89D-FA3B68DCA0ED}" = protocol=17 | dir=in | app=d:\games\battlefield 3\battlefield 3\bf3.exe |
"{C27172A1-5A6C-4AA7-907C-1285DC819641}" = protocol=17 | dir=in | app=d:\games\crysis\bin32\crysis.exe |
"{C6B22E5F-D3F5-4FC2-83E8-2B2EFDB83C5A}" = protocol=6 | dir=in | app=a:\hry\wd\bin\watch_dogs.exe |
"{C7F75B55-5E1F-46BD-B838-744AF1CEC828}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{CB927C00-A8AB-425F-A224-5B7C3C1ABEAA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CCD75C0B-B1DB-4AF0-BEE6-540D70FE84AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{CD19C0B4-4A18-4166-B04D-AD37B6418F17}" = protocol=17 | dir=in | app=d:\games\crysis\bin64\crysisdedicatedserver.exe |
"{D5C9B7FD-49BB-4C95-BF4A-CBD8B2BE73F8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{D6CEDFFD-8178-43ED-A938-7EF29BAFF0D8}" = protocol=6 | dir=in | app=d:\games\battlefield 3\battlefield 3\bf3.exe |
"{D807D687-5161-4977-B9D1-C8D557F9197F}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{DA60AEF3-4537-436D-B71B-002D8481CD20}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dota 2 beta\dota.exe |
"{DCF0AB0E-3D1D-4582-9468-95C1AC3A513E}" = protocol=17 | dir=in | app=a:\avg\avgemca.exe |
"{DEAC15BB-43E0-4CCA-AA28-C14D99D10A4C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DFA3835F-33A1-4BE1-AFA7-70D8E5634E79}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\skazaton\counter-strike source\hl2.exe |
"{E79F3F40-DDD0-4AE5-81D4-22E4D3DE86DC}" = protocol=17 | dir=in | app=a:\hry\heroes of the storm\support\heroesswitcher.exe |
"{E8C8FC7D-23EA-478E-8AB6-02B91274D330}" = protocol=6 | dir=in | app=d:\programs\utorrent\utorrent.exe |
"{E9313189-5EC8-4588-85CD-58B16C131845}" = protocol=17 | dir=in | app=d:\games\crysis\bin32\crysisdedicatedserver.exe |
"{EF58F79F-1CEC-4CCC-A9DF-B9F734FAD46A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{F259C10F-BF44-491D-A45D-9CBC6F13059F}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe |
"{F3441CDA-6705-4F3F-AD86-237BD036C59A}" = protocol=6 | dir=in | app=a:\hry\assasins creed 1\assassinscreed_dx9.exe |
"{F443F130-5DDE-42AA-BAFC-FFBA78AEC70A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FA57D578-E368-4F01-8709-87FE6D1B4008}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{FA8160E4-289C-40E3-831A-CAF47D27F56C}" = protocol=6 | dir=in | app=a:\avg\avgnsa.exe |
"{FC12C8BE-092E-42E5-B381-1DDEDE69A18B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{FC442ED0-B739-4468-8BF7-0E6CEA4D6F9A}" = protocol=17 | dir=in | app=a:\hry\steam\steamapps\common\metro 2033\metro2033.exe |
"{FEC6662B-D3D0-430E-9360-C5F0E983C6E2}" = protocol=17 | dir=in | app=d:\games\max payne 3\playmaxpayne3.exe |
"{FF895C22-D930-4612-B9C6-C6E6904CEA4F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{05C69144-1818-496D-A6B8-9BAB424FC48B}A:\hry\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=a:\hry\starcraft ii\versions\base26490\sc2.exe |
"TCP Query User{11C97370-2891-41A1-8F22-2548AE8255D4}D:\programs\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programs\mirc\mirc.exe |
"TCP Query User{130887EC-912D-48F6-B26C-062691BBFC87}D:\programs\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programs\mirc\mirc.exe |
"TCP Query User{186722E5-1101-40D8-9650-21A5DC9082B0}A:\hry\outlast\binaries\win64\olgame.exe" = protocol=6 | dir=in | app=a:\hry\outlast\binaries\win64\olgame.exe |
"TCP Query User{1899E149-D84C-4785-B35B-FA298E83BF13}D:\games\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\games\starcraft\starcraft.exe |
"TCP Query User{28F4C05D-66E0-43E0-8027-50FC3F7F8A92}D:\games\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=d:\games\need for speed most wanted\nfs13.exe |
"TCP Query User{3C82FC2E-C1CC-439F-9265-DAF79D0C2AD7}D:\programs\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=d:\programs\lolreplay\lolreplay.exe |
"TCP Query User{523BB02F-FB76-4557-A034-2516D9530BFD}C:\program files (x86)\counter-strike 1.6 standalone\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6 standalone\launcher.exe |
"TCP Query User{749D619E-B9B4-49EA-91EF-DFFAC6BA341F}D:\games\steam\steamapps\skazaton\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\skazaton\counter-strike source\hl2.exe |
"TCP Query User{7ED6B11B-FECA-4419-8B63-38B2326D140D}D:\games\gow\binaries\wargame-g4wlive.exe" = protocol=6 | dir=in | app=d:\games\gow\binaries\wargame-g4wlive.exe |
"TCP Query User{85BE05AF-587D-4B1A-9634-1AA2E595F42E}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe |
"TCP Query User{8974E850-F32E-4A02-88C5-D2504EF62C7A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{9D54E80C-A341-4E95-B51A-E6BDDADE5023}A:\hry\heroes of the storm\versions\base30509\heroesofthestorm.exe" = protocol=6 | dir=in | app=a:\hry\heroes of the storm\versions\base30509\heroesofthestorm.exe |
"TCP Query User{B4137A2E-EB92-465C-B132-C0B023A71E42}C:\program files (x86)\counter-strike 1.6 standalone\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6 standalone\launcher.exe |
"TCP Query User{DF521DEF-F48D-4E99-9597-C2AADD534D5D}D:\games\need for speed(tm) rivals-sg\nfs14.exe" = protocol=6 | dir=in | app=d:\games\need for speed(tm) rivals-sg\nfs14.exe |
"TCP Query User{E88219D5-7DA7-41CA-BA2B-1CE265217904}D:\games\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
"TCP Query User{EE0D8A09-D19F-42DD-B408-4911231C6CA4}D:\games\rage\rage.exe" = protocol=6 | dir=in | app=d:\games\rage\rage.exe |
"TCP Query User{EF1C643B-7521-49A1-8D12-123DAF58A402}D:\games\battlefield 3\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=d:\games\battlefield 3\battlefield 3\bf3.exe |
"TCP Query User{F3D240EA-58FB-4375-89B0-8CF66C082D0D}D:\games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\games\max payne 3\maxpayne3.exe |
"TCP Query User{F806B7DB-7947-487B-992C-3204CD8D8DA6}D:\games\steam\steam.exe" = protocol=6 | dir=in | app=d:\games\steam\steam.exe |
"TCP Query User{FD132B05-0DE4-4408-A819-2C23E1573121}A:\hry\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=a:\hry\starcraft ii\versions\base28667\sc2.exe |
"TCP Query User{FDD8CC6D-C0B3-4A1E-A875-CCBF69632904}A:\hry\wolfenstein the new order\wolfneworder_x64.exe" = protocol=6 | dir=in | app=a:\hry\wolfenstein the new order\wolfneworder_x64.exe |
"UDP Query User{014F5ADD-7C0D-4787-B6C1-F0049902B6EB}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe |
"UDP Query User{0800CB36-B1F7-4B8C-B5CF-8A587C5EC708}A:\hry\wolfenstein the new order\wolfneworder_x64.exe" = protocol=17 | dir=in | app=a:\hry\wolfenstein the new order\wolfneworder_x64.exe |
"UDP Query User{111B9B32-235C-47FA-BF7D-A9EB14275FC2}D:\games\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=d:\games\need for speed most wanted\nfs13.exe |
"UDP Query User{11566511-A2C5-4EA2-9820-4AC98ACFE391}A:\hry\heroes of the storm\versions\base30509\heroesofthestorm.exe" = protocol=17 | dir=in | app=a:\hry\heroes of the storm\versions\base30509\heroesofthestorm.exe |
"UDP Query User{1C705300-0DA6-4244-B0E7-D337C72B49B9}A:\hry\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=a:\hry\starcraft ii\versions\base28667\sc2.exe |
"UDP Query User{2895B61A-12EB-4771-BD83-09F13D4E658F}D:\games\need for speed(tm) rivals-sg\nfs14.exe" = protocol=17 | dir=in | app=d:\games\need for speed(tm) rivals-sg\nfs14.exe |
"UDP Query User{2BA50565-DFE5-4D0B-9DF6-FEBCD53726C0}D:\programs\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programs\mirc\mirc.exe |
"UDP Query User{36DBD562-4622-4B0C-A177-0C4043A63606}C:\program files (x86)\counter-strike 1.6 standalone\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6 standalone\launcher.exe |
"UDP Query User{50EE643F-0327-4439-B7E3-F0DEBC0FFD79}D:\games\steam\steam.exe" = protocol=17 | dir=in | app=d:\games\steam\steam.exe |
"UDP Query User{547D671E-32FC-4CA4-B8CA-0C398AD66E12}C:\program files (x86)\counter-strike 1.6 standalone\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6 standalone\launcher.exe |
"UDP Query User{692DD025-13AF-4A58-9231-3CA497421E76}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{6B261588-6F87-45E7-9DF1-EEE39FE322FA}D:\games\battlefield 3\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=d:\games\battlefield 3\battlefield 3\bf3.exe |
"UDP Query User{75EEF8C1-E1E8-439A-BD97-33E044719AB4}D:\programs\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=d:\programs\lolreplay\lolreplay.exe |
"UDP Query User{7AA46093-C71C-4DD8-AEA4-F5721E6FD37C}A:\hry\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=a:\hry\starcraft ii\versions\base26490\sc2.exe |
"UDP Query User{9E79CED2-9F59-4954-878D-678E68F0DE0C}D:\games\rage\rage.exe" = protocol=17 | dir=in | app=d:\games\rage\rage.exe |
"UDP Query User{AE297F89-EDE8-4094-80F8-F0216E7B8254}D:\games\steam\steamapps\skazaton\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\skazaton\counter-strike source\hl2.exe |
"UDP Query User{B463DF42-568A-4ED4-8D57-43B39B8D6389}D:\games\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
"UDP Query User{C518F21D-F759-40A3-8D0B-292401939C35}A:\hry\outlast\binaries\win64\olgame.exe" = protocol=17 | dir=in | app=a:\hry\outlast\binaries\win64\olgame.exe |
"UDP Query User{CF912062-1B49-47A6-BFEC-A5A80F55C197}D:\games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\games\max payne 3\maxpayne3.exe |
"UDP Query User{D0621A68-FC6F-406F-89A5-736D6A128C2A}D:\games\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\games\starcraft\starcraft.exe |
"UDP Query User{DF1BC02F-DB39-44FD-BC2E-55011DD1C3BD}D:\programs\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programs\mirc\mirc.exe |
"UDP Query User{F3CF06D8-E7C0-4246-B58F-3ED860196F55}D:\games\gow\binaries\wargame-g4wlive.exe" = protocol=17 | dir=in | app=d:\games\gow\binaries\wargame-g4wlive.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0A2E1907-D0DE-0D01-CA64-CB0AB0BFE539}" = AMD Wireless Display v3.0
"{1664D45E-FA92-8C52-92E9-E8ADB04A18ED}" = AMD Drag and Drop Transcoding
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6119B3A6-3603-9695-0398-CDF2AF0A13F8}" = AMD Catalyst Install Manager
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel(R) Turbo Boost Technology Monitor 2.6
"{6CB0C0FC-4F27-43F5-84CC-ABC231F045C4}" = AVG 2014
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{ABD878B8-E7E3-2BC4-5A95-478133DCFFC3}" = AMD Accelerated Video Transcoding
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{CB21CD89-A4D3-4240-9AAA-55DCE7F3D076}" = AVG 2014
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D3485211-6ACA-8BC3-1AAB-29FC5552C454}" = ccc-utility64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"AVG" = AVG 2014
"CCleaner" = CCleaner
"CPUID HWMonitorPro_is1" = CPUID HWMonitor Pro 1.13
"ESL Wire_is1" = ESL Wire 1.15.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{031F80EB-1FE5-45EF-9DE2-E2F5AF01259F}" = CCC Help Spanish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B15A8C3-3B8A-F229-A880-82EA62908425}" = CCC Help Dutch
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1A6752E1-966B-9D1F-F6B7-DDBCA6FC87ED}" = CCC Help Russian
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{2058DA53-D5F2-D8D9-7325-39B0E367D1E1}" = CCC Help Swedish
"{2090B6D0-E025-5A67-9838-8F1D5768E643}" = CCC Help Chinese Standard
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{2AD4FF67-43E9-77AD-D90C-584F950E2D12}" = CCC Help French
"{347EE0C3-0690-48F6-A231-53853C2A80D6}" = Titanfall™
"{3A577334-7C90-55BC-1878-F5862FA268B2}" = CCC Help Korean
"{3BF289E3-933B-F421-3B59-F6BB0D285B09}" = CCC Help Hungarian
"{3CB6BA0C-6BC5-E543-221A-AA4DEBB6F4B5}" = CCC Help Polish
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{430E2D32-6EA9-E6E4-80A1-84047694A45B}" = CCC Help Czech
"{4A6A8D33-09CD-FD44-4BF0-999E8A6E93C8}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6EBDE2A2-0CFB-9134-A859-68A0002B3FA6}" = CCC Help Thai
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
"{769E98DC-2BB0-83A7-51C9-306F30232345}" = Catalyst Control Center Graphics Previews Common
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8181B50E-0E33-DE07-AAB2-E71BBBDBF288}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FB054C-7DA5-1C76-BFB2-423426DC35BB}" = AMD Catalyst Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A640069-9784-701E-AC8E-84F62C42D1A3}" = CCC Help English
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{93098E43-2743-1551-447F-2699E9591E9C}" = CCC Help Danish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A3703A3B-FDCF-4349-4B2E-A189A2B90B51}" = CCC Help Chinese Traditional
"{A619A488-A4BA-F2A0-72FA-4C484B93DC0F}" = CCC Help Greek
"{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{C2872E18-8799-44A3-B6BD-AC535F1982A6}_is1" = Castlevania Lords of Shadow version 1.0.0.
"{C4799AAA-CE52-D2F1-63C8-E6D5106C78E0}" = CCC Help Norwegian
"{C6182116-5F2D-9949-B42B-06073E86A98A}" = CCC Help German
"{CC6C7F05-AF23-65BD-702D-705EAB723578}" = CCC Help Japanese
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5B7F1A3-2CA6-4C5C-EFB6-4AA5772F5310}" = CCC Help Turkish
"{DBA6B3EF-A8C0-4EB2-9554-3A7879838580}" = Catalyst Control Center Localization All
"{DC7A1CE2-D28A-45B9-84AC-4D8A21D37FDA}_is1" = Weather Watcher
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6B9277D-AC15-4E88-BA86-0047D69B4A8C}" = Trials Fusion
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A6308C-55E6-57DF-95BB-AEEF374B469A}" = CCC Help Finnish
"{F543B0F9-D1F9-25D1-993C-8430BEC9D889}" = Catalyst Control Center InstallProxy
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"«Tomb Raider - Game of the Year Edition»_is1" = «Tomb Raider - Game of the Year Edition»
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Audacity_is1" = Audacity 2.0.5
"AWC" = Advanced WarCraft3 Configurator (remove only)
"Battle.net" = Battle.net
"Battlelog Web Plugins" = Battlelog Web Plugins
"Counter-Strike 1.6 Standalone" = Counter-Strike 1.6 Standalone
"Crysis 3_is1" = Crysis 3 v1.0.0.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Episode 1" = Back to the Future The Game - Episode 1
"ESN Sonar-0.70.4" = ESN Sonar
"Foxit Reader_is1" = Foxit Reader 5.1
"Fraps" = Fraps
"Hearthstone" = Hearthstone
"Heroes of the Storm" = Heroes of the Storm
"ImgBurn" = ImgBurn
"LOLReplay" = LOLReplay
"mIRC" = mIRC
"Mozilla Firefox 30.0 (x86 sk)" = Mozilla Firefox 30.0 (x86 sk)
"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
"Open Broadcaster Software" = Open Broadcaster Software
"Origin" = Origin
"Outlast" = Outlast
"PunkBusterSvc" = PunkBuster Services
"Rage_is1" = Rage
"Rockstar Games Social Club" = Rockstar Games Social Club
"South Park The Stick of Truth_is1" = South Park The Stick of Truth
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 209170" = Call of Duty: Ghosts - Multiplayer
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 240" = Counter-Strike: Source
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 730" = Counter-Strike: Global Offensive
"SW5qdXN0aWNlR29kc0Ftb25nVXNVbHRpbWF0ZUVkaXRpb24=_is1" = Injustice: Gods Among Us Ultimate Edition
"The Elder Scrolls Online Beta_is1" = The Elder Scrolls Online Beta
"Uplay" = Uplay
"Uplay Install 274" = WATCH_DOGS
"uTorrent" = µTorrent
"V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1" = Wolfenstein: The New Order
"VLC media player" = VLC media player 2.0.1
"Warcraft III" = Warcraft III
"World of Warcraft" = World of Warcraft
"X-Mouse Button Control" = X-Mouse Button Control 2.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4147476810-3915425316-3949129202-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0b0d45f34cb2f7e6" = WinGrooves
"ESEA" = ESEA Client
"QIP 2005" = QIP 2005 8097

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11. 6. 2014 9:17:33 | Computer Name = Misko-PC | Source = WinMgmt | ID = 10
Description =

Error - 11. 6. 2014 9:21:42 | Computer Name = Misko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 11. 6. 2014 9:21:42 | Computer Name = Misko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12. 6. 2014 7:41:25 | Computer Name = Misko-PC | Source = WinMgmt | ID = 10
Description =

Error - 12. 6. 2014 7:43:47 | Computer Name = Misko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12. 6. 2014 7:43:47 | Computer Name = Misko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12. 6. 2014 12:26:09 | Computer Name = Misko-PC | Source = WinMgmt | ID = 10
Description =

Error - 12. 6. 2014 12:28:30 | Computer Name = Misko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12. 6. 2014 12:28:30 | Computer Name = Misko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12. 6. 2014 13:49:02 | Computer Name = Misko-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 25. 7. 2012 8:18:38 | Computer Name = Misko-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

[ System Events ]
Error - 20. 6. 2014 12:26:47 | Computer Name = Misko-PC | Source = XMouseButton Launcher | ID = 6
Description = Process token open Error: 6 (Popisovač nie je platný. )

Error - 20. 6. 2014 13:35:14 | Computer Name = Misko-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 20. 6. 2014 13:37:01 | Computer Name = Misko-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 20. 6. 2014 13:37:23 | Computer Name = Misko-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 20. 6. 2014 17:42:47 | Computer Name = Misko-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 20. 6. 2014 17:42:47 | Computer Name = Misko-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 20. 6. 2014 17:44:58 | Computer Name = Misko-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 20. 6. 2014 17:47:17 | Computer Name = Misko-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 20. 6. 2014 17:47:20 | Computer Name = Misko-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 20. 6. 2014 18:32:09 | Computer Name = Misko-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware in the PC? Please advise

#15 Post by Márty84 »

Turn off the antivirus so that it does not get in the program's way.
Run OTL again as administrator.
Paste the following text into the lower window (including the colon before the word commands).

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
ESEADriver2
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy

:otl
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O15 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4147476810-3915425316-3949129202-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"=-

Click Fix and let the program work. When it asks for a restart, agree.
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
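A read-only verification to run after the reboot, added here as an example (it is not Márty84's script and not an OTL feature): for each item that the fix script above targets it reports whether the item is still present. The ZoneMap, Services, SSODL and SearchScopes registry locations are the standard Windows ones and are assumptions, not taken from the log; HKCU is assumed to be the hive of the account shown in the log.

```powershell
# Added example, not from the original post and not part of OTL: a read-only
# check, run in an elevated PowerShell after the reboot, that each item the
# fix script above targets is gone. Assumptions: HKCU is the hive of the
# account in the log; the ZoneMap, Services, SSODL and SearchScopes paths are
# the standard Windows locations (the log only quotes the Run key in full).

function Test-RegistryValue {
    param([string]$Path, [string]$Name)
    # $true only when the key exists and holds a value with this exact name
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $key = Get-Item -LiteralPath $Path
    return ($null -ne $key.GetValue($Name, $null))
}

function Test-MozillaPlugin {
    param([string]$Pattern)
    # Plugin key names contain '/', which the registry provider treats as a
    # separator, so enumerate the parent key and match on the child name.
    $roots = 'HKLM:\SOFTWARE\MozillaPlugins',
             'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins',
             'HKCU:\Software\MozillaPlugins'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $hit = Get-ChildItem -LiteralPath $root |
               Where-Object { $_.PSChildName -like $Pattern }
        if ($hit) { return $true }
    }
    return $false
}

function Test-TempLeftovers {
    # Mirrors the wildcard entries of the :files block; $true if any remain
    $sys = Join-Path $env:windir 'system32'
    $found = @(Get-ChildItem -LiteralPath $sys -Filter '*.tmp.dll' -Recurse -File -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $sys -Filter 'SET*.tmp' -Recurse -File -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $env:windir -Filter '*.tmp' -File -ErrorAction SilentlyContinue)
    return ($found.Count -gt 0)
}

function Get-CleanupStatus {
    $zone  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    $svc   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $scope = 'Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'
    $ssodl = 'Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'

    # One scriptblock per item of the fix script; each returns $true if the item is still there
    $checks = [ordered]@{
        # :services
        'Service ESEADriver2'               = { Test-Path -LiteralPath "$svc\ESEADriver2" }
        'Service AdobeFlashPlayerUpdateSvc' = { Test-Path -LiteralPath "$svc\AdobeFlashPlayerUpdateSvc" }
        # :files
        'Temp leftovers under %windir%'     = { Test-TempLeftovers }
        'Flash updater task'                = { Test-Path -LiteralPath 'C:\Windows\Tasks\Adobe Flash Player Updater.job' }
        'Spybot program folder'             = { Test-Path -LiteralPath 'C:\Program Files (x86)\Spybot - Search & Destroy 2' }
        'Spybot data folder'                = { Test-Path -LiteralPath 'C:\ProgramData\Spybot - Search & Destroy' }
        # :otl
        'SearchScope URL (HKLM 64-bit)'     = { Test-RegistryValue "HKLM:\SOFTWARE\$scope" 'URL' }
        'SearchScope URL (HKLM 32-bit)'     = { Test-RegistryValue "HKLM:\SOFTWARE\Wow6432Node\$scope" 'URL' }
        'SearchScope URL (user)'            = { Test-RegistryValue "HKCU:\Software\$scope" 'URL' }
        'Pando Firefox plugin'              = { Test-MozillaPlugin -Pattern '*pandonetworks.com*' }
        'Trusted site clonewarsadventures.com' = { Test-Path -LiteralPath "$zone\clonewarsadventures.com" }
        'Trusted site freerealms.com'       = { Test-Path -LiteralPath "$zone\freerealms.com" }
        'Trusted site soe.com'              = { Test-Path -LiteralPath "$zone\soe.com" }
        'Trusted site sony.com'             = { Test-Path -LiteralPath "$zone\sony.com" }
        'SSODL WebCheck (64-bit)'           = { Test-RegistryValue "HKLM:\SOFTWARE\$ssodl" 'WebCheck' }
        'SSODL WebCheck (32-bit)'           = { Test-RegistryValue "HKLM:\SOFTWARE\Wow6432Node\$ssodl" 'WebCheck' }
        # :reg
        'Run value IntelTBRunOnce'          = { Test-RegistryValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' 'IntelTBRunOnce' }
    }

    foreach ($name in $checks.Keys) {
        $present = & $checks[$name]
        $status  = if ($present) { 'STILL PRESENT' } else { 'removed' }
        [pscustomobject]@{ Item = $name; Status = $status }
    }
}

Get-CleanupStatus | Format-Table -AutoSize
```

Any row marked STILL PRESENT is worth mentioning in the next reply together with the new OTL log, since the script above only reads and never deletes.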

Locked