downloader.exe

Paysami
Visitor
Posts: 29
Registered: 28 Jul 2014 13:09

downloader.exe

#1 Post by Paysami »

Hello, I have a problem: a process keeps starting that hogs my network connection outrageously.
When I kill it, it starts again.
[Image]
When I looked in the folder, there were 4 torrents in it (I tried deleting the folder, but it reappeared later).
[Image]

altrok
Moderator
Posts: 7315
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: downloader.exe

#2 Post by altrok »

Hello :bye:

We'll start the way it's customary here, with a log from RSIT ;)

http://forum.viry.cz/viewtopic.php?f=13&t=130786
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.

Paysami
Visitor
Posts: 29
Registered: 28 Jul 2014 13:09

Re: downloader.exe

#3 Post by Paysami »

Here it is :)
Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2014-11-08 16:51:42
Microsoft Windows 7 Ultimate
System drive C: has 81 GB (21%) free of 381 GB
Total RAM: 6143 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:51:50, on 8.11.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FLV Toolbar - {06197747-A47F-41FB-83D1-A00E9E00E276} - C:\Program Files (x86)\FLV Toolbar\IE\9.0\flvToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GSplay.exe] C:\Users\admin\Desktop\GSplay.exe
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: HDDlife.lnk = C:\Program Files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows Update Services (Windows Update) - Unknown owner - C:\Windows\SysWOW64\postreusif.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--
End of file - 9268 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Windows\SysWOW64\postreusif.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\puush\puush.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Program Files (x86)\Steam\config\htmlcache" -cookiepath "C:\Program Files (x86)\Steam\config\cookies" -steampid 3268 --blacklist-accelerated-compositing --process-per-tab --enable-direct-write
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-delegated-renderer --disable-gpu-compositing --disable-threaded-compositing --enable-pinch --enable-software-compositing --no-sandbox --enable-direct-write --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-accelerated-compositing --disable-gpu-compositing --channel="1296.0.860864200\73232117" /prefetch:673131151
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\ProgramData\Downloader\\downloader.exe"
\??\C:\Windows\system32\conhost.exe
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" -- "http://puu.sh/cIeKd/1d4f1b646c.png"
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=gpu-process --channel="3660.0.1366175991\1955674485" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23 --gpu-vendor-id=0x1002 --gpu-device-id=0x683d --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.2.20782620\2118774222" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.3.494061217\1503554442" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.4.1085390156\1086827383" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.5.1675957121\477458446" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.6.887947128\1240596017" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.7.208830664\1756341404" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.11.1041818133\258325693" /prefetch:673131151
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.13.765120724\364840752" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.14.1823784126\1362686981" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.15.1956822811\2000553855" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

"C:\Users\admin\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Paysami
Visitor
Posts: 29
Registered: 28 Jul 2014 13:09

Re: downloader.exe

#4 Post by Paysami »

I'd also like to add that downloader.exe starts when I launch, for example, a game on Steam.

altrok
Moderator
Posts: 7315
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: downloader.exe

#5 Post by altrok »

- The log is not complete.

- Uninstall Skype Click to Call and McAfee Security Scan

- Test C:\ProgramData\Downloader\downloader.exe on virustotal.com

- How are we doing as far as the legality of the system goes? The highest license for home users isn't exactly common :shock:

Paysami
Visitor
Posts: 29
Registered: 28 Jul 2014 13:09

Re: downloader.exe

#6 Post by Paysami »

I removed Skype and McAfee.
Downloader.exe https://www.virustotal.com/cs/file/1d50 ... 415462769/

I don't know about the legality; a friend set up the computer for me, and I think that's beside the point right now.

Complete log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2014-11-08 17:12:32
Microsoft Windows 7 Ultimate
System drive C: has 81 GB (21%) free of 381 GB
Total RAM: 6143 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:12:34, on 8.11.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Users\admin\Desktop\procexp.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FLV Toolbar - {06197747-A47F-41FB-83D1-A00E9E00E276} - C:\Program Files (x86)\FLV Toolbar\IE\9.0\flvToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GSplay.exe] C:\Users\admin\Desktop\GSplay.exe
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: HDDlife.lnk = C:\Program Files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows Update Services (Windows Update) - Unknown owner - C:\Windows\SysWOW64\postreusif.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--
End of file - 8882 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Windows\SysWOW64\postreusif.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\puush\puush.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Program Files (x86)\Steam\config\htmlcache" -cookiepath "C:\Program Files (x86)\Steam\config\cookies" -steampid 3268 --blacklist-accelerated-compositing --process-per-tab --enable-direct-write
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-delegated-renderer --disable-gpu-compositing --disable-threaded-compositing --enable-pinch --enable-software-compositing --no-sandbox --enable-direct-write --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-accelerated-compositing --disable-gpu-compositing --channel="1296.0.860864200\73232117" /prefetch:673131151
"C:\ProgramData\Downloader\\downloader.exe"
\??\C:\Windows\system32\conhost.exe
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" -- "http://puu.sh/cIeKd/1d4f1b646c.png"
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=gpu-process --channel="3660.0.1366175991\1955674485" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23 --gpu-vendor-id=0x1002 --gpu-device-id=0x683d --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.2.20782620\2118774222" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.3.494061217\1503554442" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.4.1085390156\1086827383" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.5.1675957121\477458446" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.6.887947128\1240596017" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.7.208830664\1756341404" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.13.765120724\364840752" /prefetch:673131151
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.14.1823784126\1362686981" /prefetch:673131151

"C:\Users\admin\Desktop\procexp.exe"
"C:\Users\admin\Desktop\procexp.exe"
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=ppapi --channel="3660.21.1560281820\839699751" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.26.353013755\1617038633" /prefetch:673131151
C:\Windows\system32\msiexec.exe /V
"C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SPDY/SpdyDisabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3660.28.9664769\1522402734" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\admin\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-992597708-1987578634-1854157398-1000Core.job - C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-992597708-1987578634-1854157398-1000UA.job - C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dbn8y8u.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Nero.com/KM]
"Description"=
"Path"=C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll


C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dbn8y8u.default\extensions\
{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-14 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-29 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-14 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-29 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2014-10-21 1938624]
"puush"=C:\Program Files (x86)\puush\puush.exe [2014-05-25 567880]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
"GSplay.exe"=C:\Users\admin\Desktop\GSplay.exe []
"Clownfish"=C:\Program Files (x86)\Clownfish\Clownfish.exe [2014-09-24 1323776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-28 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCUpdateHelper]
C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [2014-04-16 528360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
C:\PROGRA~2\MYPCBA~1\MYPCBA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warcraft Config.lnk]
C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-04-02 807680]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-09-21 4085896]
""= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HDDlife.lnk - C:\Program Files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"wave9"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux8"=wdmaud.drv
"midi9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-08 16:51:42 ----D---- C:\rsit
2014-11-08 16:51:42 ----D---- C:\Program Files\trend micro
2014-11-08 16:23:32 ----D---- C:\ProgramData\Downloader
2014-11-08 15:41:06 ----A---- C:\Windows\system32\MRT.exe
2014-11-07 21:46:35 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-04 18:03:43 ----D---- C:\Program Files (x86)\Clownfish
2014-10-26 11:23:38 ----A---- C:\Windows\system32\libmysql_e.dll
2014-10-26 11:23:35 ----D---- C:\Program Files\PremiumSoft
2014-10-25 14:47:42 ----D---- C:\Program Files (x86)\PuTTY
2014-10-24 16:27:56 ----D---- C:\Program Files (x86)\HammerMT2 Server 1 2014
2014-10-24 12:29:03 ----D---- C:\Program Files\Blender Foundation
2014-10-22 19:11:08 ----D---- C:\Counter-Strike 1.6
2014-10-20 20:31:39 ----D---- C:\Users\admin\AppData\Roaming\.minecraft
2014-10-14 16:28:54 ----D---- C:\ProgramData\Logs

======List of files/folders modified in the last 1 month======

2014-11-08 17:12:33 ----D---- C:\Windows\Temp
2014-11-08 17:04:55 ----HD---- C:\ProgramData
2014-11-08 17:04:55 ----D---- C:\Program Files
2014-11-08 17:04:30 ----SHD---- C:\Windows\Installer
2014-11-08 17:04:29 ----SHD---- C:\Config.Msi
2014-11-08 17:04:29 ----RD---- C:\Program Files (x86)\Skype
2014-11-08 17:04:11 ----SHD---- C:\System Volume Information
2014-11-08 16:32:17 ----D---- C:\Program Files (x86)\Steam
2014-11-08 16:13:45 ----AD---- C:\ProgramData\TEMP
2014-11-08 16:12:50 ----D---- C:\Windows\Microsoft.NET
2014-11-08 16:12:22 ----RSD---- C:\Windows\assembly
2014-11-08 16:12:09 ----D---- C:\Windows\System32
2014-11-08 16:12:09 ----D---- C:\Windows\inf
2014-11-08 16:12:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-08 16:12:05 ----RD---- C:\Program Files (x86)
2014-11-08 16:09:09 ----D---- C:\Users\admin\AppData\Roaming\Skype
2014-11-08 16:06:04 ----D---- C:\Windows\Prefetch
2014-11-08 16:05:54 ----D---- C:\Windows\system32\drivers
2014-11-08 16:04:47 ----D---- C:\Windows\Minidump
2014-11-08 16:04:44 ----D---- C:\Windows
2014-11-08 15:41:11 ----D---- C:\Windows\debug
2014-11-08 14:19:38 ----D---- C:\Program Files (x86)\osu!
2014-11-08 13:26:56 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 01:35:32 ----D---- C:\Windows\system32\config
2014-11-07 21:55:06 ----D---- C:\Users\admin\AppData\Roaming\TS3Client
2014-11-04 17:40:57 ----SD---- C:\ProgramData\Microsoft
2014-11-04 17:40:55 ----D---- C:\Windows\system32\drivers\UMDF
2014-11-03 20:36:07 ----D---- C:\Users\admin\AppData\Roaming\FileZilla
2014-11-03 15:33:48 ----D---- C:\Windows\SysWOW64
2014-11-01 22:17:07 ----D---- C:\Program Files (x86)\SpeedFan
2014-10-25 23:04:36 ----D---- C:\Users\admin\AppData\Roaming\uTorrent
2014-10-23 18:08:23 ----D---- C:\Windows\SYSWOW64\drivers
2014-10-20 21:25:07 ----D---- C:\Users\admin\AppData\Roaming\Media Player Classic
2014-10-16 16:06:01 ----D---- C:\xampp
2014-10-11 13:28:23 ----D---- C:\ProgramData\Skype
2014-10-11 13:28:18 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-14 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-14 224896]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-14 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-08-14 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-09-21 427360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-19 59648]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-14 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-14 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-14 92008]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 13207552]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-12-06 626176]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2014-01-03 42184]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 hidkmdf;KMDF Driver; C:\Windows\system32\DRIVERS\hidkmdf.sys [2013-11-12 14136]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2012-07-31 38992]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WacHidRouter;Wacom Hid Router; C:\Windows\system32\DRIVERS\wachidrouter.sys [2013-11-12 90424]
S3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2013-11-12 15160]
S3 X6va016;X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 []
S3 X6va017;X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 []
S3 X6va021;X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 []
S3 X6va022;X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 []
S3 X6va028;X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-12-06 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-06 344064]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-14 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 NAUpdate;Nero Update; C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-07-18 762192]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-05-29 75136]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2014-05-29 189248]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R2 Windows Update;Windows Update Services; C:\Windows\SysWOW64\postreusif.exe [2009-07-08 2314752]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-10-21 833728]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14 116648]
S2 HDDlife HDD Access service;HDDlife HDD Access service; C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe [2014-09-16 2078984]
S2 WTabletServiceCon;Wacom Consumer Service; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-12-17 627992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-07 114288]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2012-10-24 4702568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-04-02 186656]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

altrok
Moderator
Posts: 7315
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: downloader.exe

#7 Post by altrok »

:arrow: I can see it already, the sneaky thing! Let's take a really close look at it :x

:arrow: Save OTL to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • right-click the OTL icon and choose Run as administrator (on Win XP just run it with a normal double-click)
  • tick the options For all users, Check for "LOP" malware, Check for "Purity" malware
  • copy the script below into the window at the bottom (Custom Scans/Fixes)
  • leave the rest as it is and click Scan
  • the resulting logs (OTL.txt and Extras.txt) will be long, so split them across several posts (replies)

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok(at)forum.viry.cz
If you would like to help the visitors of this forum, sign up for our training school.

Paysami
Visitor
Posts: 29
Joined: 28 Jul 2014 13:09

Re: downloader.exe

#8 Post by Paysami »

OTL
OTL logfile created on: 8.11.2014 17:20:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

6,00 Gb Total Physical Memory | 3,66 Gb Available Physical Memory | 61,06% Memory free
12,00 Gb Paging File | 9,14 Gb Available in Paging File | 76,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,51 Gb Total Space | 78,74 Gb Free Space | 21,14% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.11.08 17:18:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
PRC - [2014.11.08 16:23:32 | 001,868,800 | ---- | M] () -- C:\ProgramData\Downloader\downloader.exe
PRC - [2014.10.21 20:22:40 | 001,529,536 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014.10.21 20:22:40 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014.10.21 20:22:38 | 001,938,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014.09.21 23:14:09 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014.09.12 19:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.09.11 08:57:26 | 002,480,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\admin\Desktop\procexp.exe
PRC - [2014.08.14 19:30:18 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.05.29 13:16:09 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2014.05.29 13:16:01 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014.05.25 12:45:46 | 000,567,880 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
PRC - [2014.01.23 06:57:02 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.07.18 16:39:40 | 000,762,192 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2014.10.21 20:22:58 | 002,226,880 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014.10.21 20:22:40 | 000,682,176 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014.10.02 00:16:02 | 000,774,656 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014.09.05 00:29:26 | 034,589,376 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014.09.05 00:29:26 | 000,837,824 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
MOD - [2014.08.21 19:15:22 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014.08.21 19:15:22 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014.08.21 19:15:22 | 000,442,368 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014.08.21 19:15:22 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014.08.21 19:15:22 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014.08.14 19:30:20 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.08.14 19:30:18 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014.06.01 10:08:56 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014.05.25 12:45:46 | 000,567,880 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
MOD - [2014.05.24 17:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014.05.24 17:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2014.02.21 06:31:03 | 013,632,904 | ---- | M] () -- C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll
MOD - [2014.01.23 06:57:00 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll
MOD - [2014.01.23 06:56:56 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
MOD - [2014.01.23 06:56:02 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
MOD - [2014.01.23 06:56:01 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
MOD - [2014.01.23 06:55:58 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
MOD - [2009.07.14 05:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 05:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 05:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 05:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 05:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009.07.14 05:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 05:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.08.14 19:30:18 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013.12.17 02:17:18 | 000,627,992 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2013.12.06 21:52:10 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.12.06 16:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.11.07 21:46:40 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.10.21 20:22:40 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.09.16 15:03:34 | 002,078,984 | ---- | M] (BinarySense, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)
SRV - [2014.09.12 19:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.05.29 13:16:09 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2014.05.29 13:16:01 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.07.18 16:39:40 | 000,762,192 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.10.24 09:16:51 | 004,702,568 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.07.08 17:23:25 | 002,314,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\postreusif.exe -- (Windows Update)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.09.21 23:14:03 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014.08.14 19:30:22 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014.08.14 19:30:22 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014.08.14 19:30:22 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014.08.14 19:30:21 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014.08.14 19:30:21 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014.08.14 19:30:21 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014.08.14 19:30:21 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014.01.03 23:54:28 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.12.06 22:52:14 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.12.06 21:21:44 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.11.12 01:16:03 | 000,090,424 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2013.11.12 01:16:03 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2013.11.12 01:16:02 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2013.09.24 15:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.09.19 23:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV:64bit: - [2012.07.31 09:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/results.php?f=4&q={ ... 284091&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-992597708-1987578634-1854157398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-992597708-1987578634-1854157398-1000\..\URLSearchHook: {06197747-A47F-41FB-83D1-A00E9E00E276} - C:\Program Files (x86)\FLV Toolbar\IE\9.0\flvToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-992597708-1987578634-1854157398-1000\..\SearchScopes,DefaultScope = {B5A9A7D4-ADA4-4E46-929D-20F5840681E9}
IE - HKU\S-1-5-21-992597708-1987578634-1854157398-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-992597708-1987578634-1854157398-1000\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/results.php?f=4&q={ ... 284091&ir=
IE - HKU\S-1-5-21-992597708-1987578634-1854157398-1000\..\SearchScopes\{B5A9A7D4-ADA4-4E46-929D-20F5840681E9}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-992597708-1987578634-1854157398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-992597708-1987578634-1854157398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-992597708-1987578634-1854157398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555;https=127.0.0.1:8555

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@screenleap.com/ScreenleapPlugin,version=1.1: C:\Users\admin\AppData\Local\Screenleap\npscreenleap1.1.dll (ScreenLeap, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\admin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.09.21 23:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014.07.21 18:06:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2014.11.07 21:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\3dbn8y8u.default\extensions
[2014.11.07 21:39:53 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\3dbn8y8u.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2014.11.07 21:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.11.07 21:46:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: file:///C:/Users/admin/Desktop/IMAGES
CHR - Extension: iMacros for Chrome = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\8.0.7_0\
CHR - Extension: Search by Image (by Google) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.1_0\
CHR - Extension: AdBlock = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13_0\
CHR - Extension: Scroll To Top Button = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chiikmhgllekggjhdfjhajkfdkcngplp\6.3.1_0\
CHR - Extension: Facebook Invite All = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj\1.3.6_0\
CHR - Extension: UTADRemmovalApp = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkpdkpbibaghgfbibljdibbibehdlnh\2.0_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-992597708-1987578634-1854157398-1000..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKU\S-1-5-21-992597708-1987578634-1854157398-1000..\Run: [GSplay.exe] C:\Users\admin\Desktop\GSplay.exe File not found
O4 - HKU\S-1-5-21-992597708-1987578634-1854157398-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKU\S-1-5-21-992597708-1987578634-1854157398-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk = C:\Program Files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe (BinarySense, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3619BC61-FC79-4E87-9672-61A92CE173F3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux6 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux7 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux8 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux9 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi6 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi7 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi8 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi9 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer6 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer7 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer9 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave6 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave7 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave9 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux8 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux9 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32: msacm.bdmpeg - bdmpega.acm ()
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll ()
Drivers32: VIDC.FPS1 - frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mjpg - bdmjpeg.dll ()
Drivers32: vidc.mpeg - bdmpegv.dll ()
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - xvidvfw.dll ()
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.11.08 16:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.11.08 16:51:42 | 000,000,000 | ---D | C] -- C:\rsit
[2014.11.08 16:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloader
[2014.11.08 16:00:33 | 002,480,312 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\admin\Desktop\procexp.exe
[2014.11.07 21:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.11.07 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\iMacros
[2014.11.04 18:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
[2014.11.04 18:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clownfish
[2014.11.02 00:52:58 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\zaloha
[2014.10.26 12:06:21 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Navicat
[2014.10.26 11:44:13 | 304,870,262 | ---- | C] (Installshield Software Corporation ) -- C:\Users\admin\Desktop\Metin2_2004.exe
[2014.10.26 11:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2014.10.26 11:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2014.10.25 14:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
[2014.10.25 14:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PuTTY
[2014.10.24 16:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HammerMT2 Server 1 2014
[2014.10.24 16:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HammerMT2 Server 1 2014
[2014.10.24 12:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2014.10.24 12:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2014.10.22 19:22:29 | 000,000,000 | ---D | C] -- C:\Users\admin\GSplay
[2014.10.22 19:12:51 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2014.10.22 19:11:08 | 000,000,000 | ---D | C] -- C:\Counter-Strike 1.6
[2014.10.20 20:31:39 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\.minecraft
[2014.10.14 16:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2014.10.11 13:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014.10.11 13:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.11.08 17:22:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.11.08 17:19:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-992597708-1987578634-1854157398-1000UA.job
[2014.11.08 17:01:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.11.08 16:23:32 | 001,868,800 | ---- | M] () -- C:\Users\admin\Desktop\downloader.exe
[2014.11.08 16:18:02 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.11.08 16:12:09 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.11.08 16:12:09 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.11.08 16:12:09 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.11.08 16:10:23 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.11.08 16:10:23 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.11.08 16:05:45 | 000,002,108 | ---- | M] () -- C:\Windows\SysWow64\postreusif.bin
[2014.11.08 16:04:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.11.08 16:04:44 | 546,788,692 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.11.08 16:04:42 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2014.11.08 16:00:24 | 001,188,194 | ---- | M] () -- C:\Users\admin\Desktop\ProcessExplorer.zip
[2014.11.08 15:50:56 | 000,007,648 | ---- | M] () -- C:\Users\admin\AppData\Local\resmon.resmoncfg
[2014.11.08 13:28:13 | 000,001,212 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk
[2014.11.08 13:27:15 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-992597708-1987578634-1854157398-1000Core.job
[2014.11.08 12:17:21 | 000,051,720 | ---- | M] () -- C:\Users\admin\Desktop\25.jpg
[2014.11.08 11:20:54 | 000,062,561 | ---- | M] () -- C:\Users\admin\Desktop\sexy-ass-girls02.jpg
[2014.11.08 11:07:18 | 000,022,563 | ---- | M] () -- C:\Users\admin\Desktop\10614352_580909572015178_6960596359635039912_n.jpg
[2014.11.08 11:02:52 | 000,062,776 | ---- | M] () -- C:\Users\admin\Desktop\hhhn.jpg
[2014.11.08 10:46:58 | 000,091,513 | ---- | M] () -- C:\Users\admin\Desktop\15.png
[2014.11.08 10:15:51 | 000,227,411 | ---- | M] () -- C:\Users\admin\Desktop\tumblr_neochrV7Qk1rsx7u3o1_1280.jpg
[2014.11.07 22:35:20 | 000,001,044 | ---- | M] () -- C:\Users\admin\Desktop\Auto.mcs
[2014.11.07 20:39:38 | 000,097,234 | ---- | M] () -- C:\Users\admin\Desktop\10703752_1043126125712776_4227052219071656414_n.jpg
[2014.11.07 17:03:37 | 000,064,431 | ---- | M] () -- C:\Users\admin\Desktop\fbf.jpg
[2014.11.07 17:02:45 | 000,060,276 | ---- | M] () -- C:\Users\admin\Desktop\gbg.jpg
[2014.11.07 16:29:33 | 000,039,995 | ---- | M] () -- C:\Users\admin\Desktop\363.jpg
[2014.11.07 16:25:00 | 000,055,550 | ---- | M] () -- C:\Users\admin\Desktop\gbh.jpg
[2014.11.07 16:22:56 | 000,063,035 | ---- | M] () -- C:\Users\admin\Desktop\3.jpg
[2014.11.07 16:15:26 | 000,125,080 | ---- | M] () -- C:\Users\admin\Desktop\559223_433109550078285_948473081_n.jpg
[2014.11.06 23:31:22 | 000,000,256 | ---- | M] () -- C:\Users\admin\Desktop\index.html
[2014.11.06 23:31:09 | 000,000,256 | ---- | M] () -- C:\Users\admin\Desktop\index.php
[2014.11.06 23:01:24 | 000,011,413 | ---- | M] () -- C:\Users\admin\AppData\Local\recently-used.xbel
[2014.11.05 22:38:22 | 000,131,125 | ---- | M] () -- C:\Users\admin\Desktop\qs.png
[2014.11.05 18:49:51 | 000,225,980 | ---- | M] () -- C:\Users\admin\Desktop\dvf.jpg
[2014.11.04 23:03:32 | 000,043,357 | ---- | M] () -- C:\Users\admin\Desktop\fb.jpg
[2014.11.04 20:14:14 | 000,026,053 | ---- | M] () -- C:\Users\admin\Desktop\52.jpg
[2014.11.04 17:40:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.11.03 15:33:33 | 000,000,528 | ---- | M] () -- C:\Windows\SysNative\postreusif.bin
[2014.11.03 11:57:11 | 000,000,600 | ---- | M] () -- C:\Users\admin\AppData\Local\PUTTY.RND
[2014.10.28 00:25:40 | 000,113,801 | ---- | M] () -- C:\Users\admin\Desktop\2014-10-28_00.25.40.png
[2014.10.26 12:05:50 | 000,366,527 | ---- | M] () -- C:\Users\admin\Desktop\rain_mysql.tar.gz
[2014.10.26 11:44:21 | 304,870,262 | ---- | M] (Installshield Software Corporation ) -- C:\Users\admin\Desktop\Metin2_2004.exe
[2014.10.26 11:39:44 | 053,396,038 | ---- | M] () -- C:\Users\admin\Desktop\rain.tar.gz
[2014.10.26 11:25:40 | 000,000,753 | ---- | M] () -- C:\Users\admin\Desktop\XAMPP Control Panel.lnk
[2014.10.26 11:25:29 | 000,001,010 | ---- | M] () -- C:\Users\admin\Desktop\Navicat Premium.lnk
[2014.10.25 14:47:43 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\PuTTY.lnk
[2014.10.24 12:29:38 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2014.10.20 20:32:03 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Hrát na MC Titan www.mctitan.cz.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.11.08 17:22:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.11.08 17:05:18 | 001,868,800 | ---- | C] () -- C:\Users\admin\Desktop\downloader.exe
[2014.11.08 16:00:33 | 000,072,154 | ---- | C] () -- C:\Users\admin\Desktop\procexp.chm
[2014.11.08 16:00:18 | 001,188,194 | ---- | C] () -- C:\Users\admin\Desktop\ProcessExplorer.zip
[2014.11.08 12:17:19 | 000,051,720 | ---- | C] () -- C:\Users\admin\Desktop\25.jpg
[2014.11.08 11:20:53 | 000,062,561 | ---- | C] () -- C:\Users\admin\Desktop\sexy-ass-girls02.jpg
[2014.11.08 11:07:18 | 000,022,563 | ---- | C] () -- C:\Users\admin\Desktop\10614352_580909572015178_6960596359635039912_n.jpg
[2014.11.08 11:02:51 | 000,062,776 | ---- | C] () -- C:\Users\admin\Desktop\hhhn.jpg
[2014.11.08 10:46:57 | 000,091,513 | ---- | C] () -- C:\Users\admin\Desktop\15.png
[2014.11.08 10:15:49 | 000,227,411 | ---- | C] () -- C:\Users\admin\Desktop\tumblr_neochrV7Qk1rsx7u3o1_1280.jpg
[2014.11.07 22:26:10 | 000,001,044 | ---- | C] () -- C:\Users\admin\Desktop\Auto.mcs
[2014.11.07 20:39:37 | 000,097,234 | ---- | C] () -- C:\Users\admin\Desktop\10703752_1043126125712776_4227052219071656414_n.jpg
[2014.11.07 17:03:37 | 000,064,431 | ---- | C] () -- C:\Users\admin\Desktop\fbf.jpg
[2014.11.07 17:02:19 | 000,060,276 | ---- | C] () -- C:\Users\admin\Desktop\gbg.jpg
[2014.11.07 16:29:32 | 000,039,995 | ---- | C] () -- C:\Users\admin\Desktop\363.jpg
[2014.11.07 16:25:00 | 000,055,550 | ---- | C] () -- C:\Users\admin\Desktop\gbh.jpg
[2014.11.07 16:22:56 | 000,063,035 | ---- | C] () -- C:\Users\admin\Desktop\3.jpg
[2014.11.07 16:15:22 | 000,125,080 | ---- | C] () -- C:\Users\admin\Desktop\559223_433109550078285_948473081_n.jpg
[2014.11.06 23:29:11 | 000,000,256 | ---- | C] () -- C:\Users\admin\Desktop\index.php
[2014.11.06 23:06:06 | 000,000,256 | ---- | C] () -- C:\Users\admin\Desktop\index.html
[2014.11.06 23:01:24 | 000,011,413 | ---- | C] () -- C:\Users\admin\AppData\Local\recently-used.xbel
[2014.11.05 22:38:22 | 000,131,125 | ---- | C] () -- C:\Users\admin\Desktop\qs.png
[2014.11.05 18:47:31 | 000,225,980 | ---- | C] () -- C:\Users\admin\Desktop\dvf.jpg
[2014.11.04 23:03:32 | 000,043,357 | ---- | C] () -- C:\Users\admin\Desktop\fb.jpg
[2014.11.04 20:14:14 | 000,026,053 | ---- | C] () -- C:\Users\admin\Desktop\52.jpg
[2014.11.04 17:40:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.10.28 17:23:33 | 000,113,801 | ---- | C] () -- C:\Users\admin\Desktop\2014-10-28_00.25.40.png
[2014.10.26 12:05:49 | 000,366,527 | ---- | C] () -- C:\Users\admin\Desktop\rain_mysql.tar.gz
[2014.10.26 11:39:43 | 053,396,038 | ---- | C] () -- C:\Users\admin\Desktop\rain.tar.gz
[2014.10.26 11:25:40 | 000,000,753 | ---- | C] () -- C:\Users\admin\Desktop\XAMPP Control Panel.lnk
[2014.10.26 11:24:18 | 000,001,010 | ---- | C] () -- C:\Users\admin\Desktop\Navicat Premium.lnk
[2014.10.26 11:23:38 | 001,988,096 | ---- | C] () -- C:\Windows\SysNative\libmysql_e.dll
[2014.10.25 14:48:02 | 000,000,600 | ---- | C] () -- C:\Users\admin\AppData\Local\PUTTY.RND
[2014.10.25 14:47:43 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\PuTTY.lnk
[2014.10.24 12:29:38 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2014.10.22 19:15:14 | 546,788,692 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.10.20 20:32:03 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\Hrát na MC Titan www.mctitan.cz.lnk
[2014.09.15 17:42:58 | 000,002,108 | ---- | C] () -- C:\Windows\SysWow64\postreusif.bin
[2014.09.15 17:42:57 | 000,000,008 | ---- | C] () -- C:\Users\admin\AppData\Roaming\_
[2014.09.09 20:07:57 | 000,007,648 | ---- | C] () -- C:\Users\admin\AppData\Local\resmon.resmoncfg
[2014.08.30 17:10:12 | 000,000,120 | ---- | C] () -- C:\Users\admin\.screenleap
[2014.05.29 21:44:45 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2014.05.29 21:44:44 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
[2014.05.29 13:16:02 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.05.29 13:16:01 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.04.01 16:40:43 | 000,000,057 | ---- | C] () -- C:\Windows\directx.sys
[2014.01.30 21:57:37 | 000,002,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.01.28 21:41:54 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014.01.28 21:41:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2014.01.28 21:41:53 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2014.01.28 21:41:53 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014.01.28 21:41:53 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014.01.28 21:41:52 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014.01.28 21:10:23 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2014.01.22 16:53:40 | 000,000,000 | -HS- | C] () -- C:\Users\admin\AppData\Local\LumaEmu
[2014.01.13 17:18:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014.01.13 17:14:52 | 000,757,660 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.12.06 22:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.12.06 22:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.12.06 21:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.12.06 21:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.12.06 16:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013.08.05 07:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2013.08.05 07:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.11.07 18:12:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
[2014.05.30 13:21:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Aimersoft Video Converter Ultimate
[2014.09.21 23:09:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AVAST Software
[2014.01.28 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BANDISOFT
[2014.05.11 20:37:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Battle.net
[2014.09.29 16:29:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BinarySense
[2014.01.20 06:38:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DeepBurner
[2014.08.25 22:46:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox
[2014.11.03 20:36:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileZilla
[2014.07.06 22:56:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FlvtoConverter
[2014.09.21 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GameMaker-Studio
[2014.06.08 17:02:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GHISLER
[2014.07.08 16:32:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\iWesoft
[2014.08.14 17:13:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LaRoXion
[2014.01.27 15:43:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LolClient
[2014.09.21 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MC Titan Technic
[2014.09.21 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MC Titan Technic v2
[2014.09.21 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mctitanpokemine4
[2014.09.23 08:38:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mikrotik
[2014.08.30 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Notepad++
[2014.09.21 23:02:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OBS
[2014.05.29 05:45:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Origin
[2014.01.17 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Publish Providers
[2014.09.21 23:02:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\puush
[2014.01.26 13:36:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Riot Games
[2014.05.06 19:58:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Screaming Bee
[2014.08.14 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sony
[2014.01.22 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SpaceEngineers
[2014.03.11 20:16:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\steamvr
[2014.02.19 20:54:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\StepMania 5
[2014.01.19 16:11:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sublime Text 3
[2014.04.20 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SYSTEMAX Software Development
[2014.02.15 23:45:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2014.01.23 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TERA
[2014.11.07 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client
[2014.04.07 16:22:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Unity
[2014.10.25 23:04:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2014.07.10 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Wacom
[2014.06.08 17:51:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\z5a52yal.s2j
[2014.01.28 23:54:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\zbusoft

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,570 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:08:49 | 000,032,588 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU(43).TXT
[2009.07.14 06:08:49 | 000,032,588 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU(49).TXT
[2014.01.14 18:51:16 | 000,000,946 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.01.14 18:51:17 | 000,000,950 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014.02.28 22:14:32 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-992597708-1987578634-1854157398-1000Core.job
[2014.02.28 22:14:33 | 000,000,962 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-992597708-1987578634-1854157398-1000UA.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2013.03.12 16:00:10 | 000,025,600 | ---- | M] () MD5=3296A6B39A35330F1734A79B20B89FDE -- C:\xampp\perl\vendor\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\drivers\nvraid.sys
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2014.05.12 06:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\SysNative\drivers\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2014.05.12 06:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[68 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\03a05fa9049b3527c1ed36dd79b47c28\*.tmp files -> C:\Windows\SoftwareDistribution\Download\03a05fa9049b3527c1ed36dd79b47c28\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\0e30a62a2ea49f44c884f666c5718702\*.tmp files -> C:\Windows\SoftwareDistribution\Download\0e30a62a2ea49f44c884f666c5718702\*.tmp -> ]
[434 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.11.07 18:12:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
[2014.05.26 14:58:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Adobe
[2014.05.30 13:21:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Aimersoft Video Converter Ultimate
[2014.01.13 17:18:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ATI
[2014.09.21 23:09:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AVAST Software
[2014.01.28 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BANDISOFT
[2014.05.11 20:37:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Battle.net
[2014.09.29 16:29:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BinarySense
[2014.01.20 06:38:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DeepBurner
[2014.08.25 22:46:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox
[2014.11.03 20:36:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileZilla
[2014.07.06 22:56:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FlvtoConverter
[2014.09.21 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GameMaker-Studio
[2014.06.08 17:02:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GHISLER
[2014.01.13 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Identities
[2014.01.15 18:08:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\InstallShield
[2014.07.08 16:32:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\iWesoft
[2014.08.14 17:13:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LaRoXion
[2014.01.27 15:43:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LolClient
[2014.01.23 19:08:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Macromedia
[2014.09.21 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MC Titan Technic
[2014.09.21 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MC Titan Technic v2
[2014.09.21 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mctitanpokemine4
[2009.07.14 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs
[2014.10.20 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Player Classic
[2014.10.03 18:36:46 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft
[2014.09.23 08:38:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mikrotik
[2014.07.21 18:06:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla
[2014.01.20 06:19:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nero
[2014.08.30 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Notepad++
[2014.09.21 23:02:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OBS
[2014.05.29 05:45:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Origin
[2014.04.10 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PSpad
[2014.01.17 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Publish Providers
[2014.09.21 23:02:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\puush
[2014.01.26 13:36:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Riot Games
[2014.05.06 19:58:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Screaming Bee
[2014.11.08 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Skype
[2014.08.14 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sony
[2014.01.22 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SpaceEngineers
[2014.03.11 20:16:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\steamvr
[2014.02.19 20:54:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\StepMania 5
[2014.01.19 16:11:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sublime Text 3
[2014.04.20 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SYSTEMAX Software Development
[2014.02.15 23:45:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2014.01.23 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TERA
[2014.11.07 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client
[2014.04.07 16:22:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Unity
[2014.10.25 23:04:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2014.07.10 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Wacom
[2014.01.14 20:36:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinRAR
[2014.07.10 18:41:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WTablet
[2014.06.08 17:51:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\z5a52yal.s2j
[2014.01.28 23:54:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\zbusoft

< %APPDATA%\*.exe /s >
[2014.10.20 20:32:03 | 000,125,466 | ---- | M] () -- C:\Users\admin\AppData\Roaming\.minecraft\Odinstalovat.exe
[2014.10.12 02:13:20 | 002,788,696 | ---- | M] (YoYo Games Ltd) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\5piceIDE.exe
[2014.10.12 02:13:24 | 004,180,480 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\ffmpeg.exe
[2014.06.07 13:38:11 | 024,923,136 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\ffprobe.exe
[2014.10.12 02:13:24 | 000,150,872 | ---- | M] (YoYo Games Ltd.) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\GameMaker-Studio.exe
[2014.10.12 02:13:24 | 001,610,072 | ---- | M] (YoYo Games Ltd.) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\GMAssetCompiler.exe
[2014.10.12 02:13:24 | 000,775,000 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\GMWebServer.exe
[2014.10.12 02:13:26 | 002,988,888 | ---- | M] (YoYo Games Ltd. ) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Runner.exe
[2014.10.12 02:13:27 | 000,167,936 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\unzip.exe
[2014.10.12 02:13:28 | 000,135,168 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\zip.exe
[2014.10.12 02:13:24 | 001,369,600 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\GMDebug\GMDebug.exe
[2014.10.12 02:13:25 | 000,292,184 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\makensis\dxwebsetup.exe
[2014.10.12 02:13:25 | 000,496,128 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\makensis\makensis.exe
[2014.06.07 13:38:20 | 000,005,632 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\makensis\Contrib\UIs\default.exe
[2014.06.07 13:38:20 | 000,006,144 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\makensis\Contrib\UIs\modern.exe
[2014.06.07 13:38:20 | 000,004,096 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\makensis\Contrib\UIs\modern_headerbmp.exe
[2014.06.07 13:38:20 | 000,004,096 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\makensis\Contrib\UIs\modern_headerbmpr.exe
[2014.06.07 13:38:20 | 000,003,584 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\makensis\Contrib\UIs\modern_nodesc.exe
[2014.06.07 13:38:20 | 000,003,584 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\makensis\Contrib\UIs\modern_smalldesc.exe
[2014.06.07 13:38:20 | 000,006,144 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\makensis\Contrib\UIs\sdbarker_tiny.exe
[2014.10.12 02:13:25 | 000,372,224 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\OpenSSL\openssl.exe
[2014.10.12 02:13:26 | 000,303,104 | ---- | M] (Simon Tatham) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\putty\plink.exe
[2014.10.12 02:13:26 | 000,315,392 | ---- | M] (Simon Tatham) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\putty\pscp.exe
[2014.10.12 02:13:26 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\putty\putty.exe
[2014.06.07 13:38:23 | 000,018,432 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Shaders\D3D11ShaderParser.exe
[2014.10.12 02:13:26 | 000,104,448 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Shaders\HLSLCompiler.exe
[2014.06.07 13:38:25 | 000,010,752 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svn-populate-node-origins-index.exe
[2014.10.12 02:13:26 | 000,228,864 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svn.exe
[2014.10.12 02:13:26 | 000,072,704 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svnadmin.exe
[2014.06.07 13:38:26 | 000,019,456 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svnauthz-validate.exe
[2014.06.07 13:38:26 | 000,040,960 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svndumpfilter.exe
[2014.10.12 02:13:26 | 000,071,168 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svnlook.exe
[2014.06.07 13:38:26 | 000,023,552 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svnmucc.exe
[2014.10.12 02:13:26 | 000,054,784 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svnrdump.exe
[2014.10.12 02:13:26 | 000,148,480 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svnserve.exe
[2014.10.12 02:13:26 | 000,056,320 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svnsync.exe
[2014.06.07 13:38:26 | 000,024,576 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x64\bin\svnversion.exe
[2014.10.12 02:13:27 | 000,189,440 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x86\bin\svn.exe
[2014.10.12 02:13:27 | 000,058,880 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x86\bin\svnadmin.exe
[2014.06.07 13:38:27 | 000,036,352 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x86\bin\svndumpfilter.exe
[2014.10.12 02:13:27 | 000,057,344 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x86\bin\svnlook.exe
[2014.06.07 13:38:27 | 000,021,504 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x86\bin\svnmucc.exe
[2014.10.12 02:13:27 | 000,045,056 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x86\bin\svnrdump.exe
[2014.10.12 02:13:27 | 000,047,616 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x86\bin\svnsync.exe
[2014.06.07 13:38:27 | 000,024,064 | ---- | M] (http://subversion.apache.org/) -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Subversion\x86\bin\svnversion.exe
[2014.06.08 17:50:43 | 003,556,123 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Tizen\Device\TizenRunner.exe
[2014.06.08 17:50:43 | 003,816,788 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Tizen\Emulator\TizenRunner.exe
[2014.06.07 13:38:35 | 000,013,312 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Windows8\LaunchMetroApp.exe
[2014.06.07 13:38:39 | 000,012,288 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Windows8\Stop-Appx.exe
[2014.10.12 02:13:28 | 000,094,720 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Windows8\Native\arm\WinMetroRunner.exe
[2014.10.12 02:13:28 | 000,095,232 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\Windows8\Native\x86\WinMetroRunner.exe
[2014.06.08 17:50:44 | 000,029,696 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\WinPhone\DeploymentTool.exe
[2014.06.07 13:38:44 | 018,664,448 | ---- | M] () -- C:\Users\admin\AppData\Roaming\GameMaker-Studio\YYC\bin\clang++.exe
[2014.10.12 02:13:29 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2014.10.12 02:13:36 | 000,134,014 | ---- | M] () -- C:\Users\admin\AppData\Roaming\MC Titan Technic v2\Odinstalovat.exe
[2014.10.12 02:13:32 | 000,134,102 | ---- | M] () -- C:\Users\admin\AppData\Roaming\MC Titan Technic\Odinstalovat.exe
[2014.10.12 02:13:40 | 000,128,312 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mctitanpokemine4\Odinstalovat.exe
[2014.10.12 02:13:40 | 000,231,463 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mctitanpokemine4\Uninstal.exe
[2014.07.22 20:32:40 | 000,102,134 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{90D83CB4-3692-458C-95D4-E60CC7E0B278}\_2DC32E96981458BD6B33CF.exe
[2014.07.22 20:32:40 | 000,102,134 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{90D83CB4-3692-458C-95D4-E60CC7E0B278}\_3259EBB7DD8B81CCA77E0F.exe
[2014.07.22 20:32:40 | 000,102,134 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{90D83CB4-3692-458C-95D4-E60CC7E0B278}\_6EEBBB904B912B9C1DEC88.exe
[2014.07.22 20:32:40 | 000,102,134 | R--- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Installer\{90D83CB4-3692-458C-95D4-E60CC7E0B278}\_853F67D554F05449430E7E.exe
[2014.10.27 10:05:34 | 000,252,928 | ---- | M] (obsproject.com) -- C:\Users\admin\AppData\Roaming\OBS\updates\updater.exe
[2014.10.12 02:13:50 | 000,393,728 | ---- | M] (BitTorrent, Inc.) -- C:\Users\admin\AppData\Roaming\uTorrent\utorrent.exe
[2014.10.24 16:27:07 | 1263,743,684 | ---- | M] (HammerMT2, Inc. ) -- C:\Users\admin\AppData\Roaming\uTorrent\;\HammerMT2 Server 1 2014.exe
[2014.05.28 20:30:39 | 037,210,678 | ---- | M] (Aimersoft Software ) -- C:\Users\admin\AppData\Roaming\uTorrent\;\Aimersoft Video Converter Ultimate v5.6.0.1 Incl Crack - [MUMBAI]\aimer-video-ultimate_full523.exe
[2014.10.12 02:13:46 | 003,388,416 | ---- | M] (Aimersoft Software) -- C:\Users\admin\AppData\Roaming\uTorrent\;\Aimersoft Video Converter Ultimate v5.6.0.1 Incl Crack - [MUMBAI]\Crack\VideoConverterUltimate.exe
[2014.10.12 02:13:46 | 004,812,672 | ---- | M] (Piriform Ltd) -- C:\Users\admin\AppData\Roaming\uTorrent\;\CCleaner v4.15.4725 Business & Professional Edition Incl. Crack [ATOM]\ccsetup415.exe
[2014.10.12 02:13:47 | 000,204,800 | ---- | M] () -- C:\Users\admin\AppData\Roaming\uTorrent\;\crack vegas 9\Keygen.exe
[2014.10.12 02:13:47 | 000,096,256 | ---- | M] () -- C:\Users\admin\AppData\Roaming\uTorrent\;\crack vegas 9\Sony_VegasPro8_DVDArchitect45_SoundForge9_CRACK.exe
[2014.10.12 02:13:47 | 001,489,920 | ---- | M] () -- C:\Users\admin\AppData\Roaming\uTorrent\;\Fraps 3.5.99 Fully Registered Sept 2014\setup.exe
[2014.10.12 02:13:48 | 000,463,152 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Roaming\uTorrent\;\MicroSoft Office 2007 With Key -THADOGG\setup.exe
[2014.10.12 02:13:48 | 000,145,184 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Roaming\uTorrent\;\MicroSoft Office 2007 With Key -THADOGG\Enterprise.WW\ose.exe
[2014.10.12 02:13:48 | 000,813,384 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Roaming\uTorrent\;\MicroSoft Office 2007 With Key -THADOGG\Office.en-us\DW20.EXE
[2014.10.12 02:13:48 | 000,434,528 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Roaming\uTorrent\;\MicroSoft Office 2007 With Key -THADOGG\Office.en-us\dwtrig20.exe
[2014.05.29 17:01:33 | 155,346,841 | ---- | M] (TeamExtreme ) -- C:\Users\admin\AppData\Roaming\uTorrent\;\Minecraft 1.7.9 by TeamExtremeMc.com\Minecraft 1.7.9.exe
[2014.10.12 02:13:49 | 000,378,880 | ---- | M] (Install.exe) -- C:\Users\admin\AppData\Roaming\uTorrent\;\rzr-skrm\install.exe
[2014.10.12 02:13:49 | 000,355,920 | ---- | M] (Valve Corporation) -- C:\Users\admin\AppData\Roaming\uTorrent\;\rzr-skrm\Setup.exe
[2014.10.12 02:13:49 | 000,411,016 | ---- | M] (Valve Corporation) -- C:\Users\admin\AppData\Roaming\uTorrent\;\rzr-skrm\SteamService.exe
[2014.10.12 02:13:49 | 004,726,270 | ---- | M] ( ) -- C:\Users\admin\AppData\Roaming\uTorrent\;\Watch Dogs ENG\setup.exe
[2014.10.12 02:13:49 | 000,087,040 | ---- | M] () -- C:\Users\admin\AppData\Roaming\uTorrent\;\Watch Dogs ENG\Crack\GameLauncher_x64.exe
[2014.05.25 16:53:11 | 062,404,320 | ---- | M] (Ubisoft) -- C:\Users\admin\AppData\Roaming\uTorrent\;\Watch Dogs ENG\uPlay\UplayInstaller.exe
[2014.06.07 13:38:44 | 018,664,448 | ---- | M] () -- C:\Users\admin\AppData\Roaming\z5a52yal.s2j\YYC\bin\clang++.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.08 20:34:27 | 000,010,752 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\lonertotedoust.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.08 20:34:27 | 000,010,752 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\lonertotedoust.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.11.08 16:05:45 | 000,002,108 | ---- | M] () -- C:\Windows\system32\postreusif.bin

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Steam" = "C:\Program Files (x86)\Steam\steam.exe" -silent -- [2014.10.21 20:22:38 | 001,938,624 | ---- | M] (Valve Corporation)
"puush" = C:\Program Files (x86)\puush\puush.exe -- [2014.05.25 12:45:46 | 000,567,880 | ---- | M] ()
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun -- [2014.08.27 08:20:30 | 022,041,192 | R--- | M] (Skype Technologies S.A.)
"GSplay.exe" = C:\Users\admin\Desktop\GSplay.exe
"Clownfish" = "C:\Program Files (x86)\Clownfish\Clownfish.exe" -- [2014.09.24 09:57:38 | 001,323,776 | ---- | M] (Bogdan Sharkov)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.11.08 17:22:30 | 000,000,512 | ---- | M] () MD5=4B77BC0B0FE07AED7CCC98BAD86E2F4F -- C:\PhysicalMBR.bin

Paysami
Visitor
Visitor
Posts: 29
Registered: 28 Jul 2014 13:09

Re: downloader.exe

#9 Post by Paysami »

< >

< *crack* /s >
[2014.09.23 11:11:06 | 001,099,940 | ---- | M] () -- \Program Files (x86)\GameforgeLive\Games\GBR_eng\TERA\Client\S1Game\CookedPC\Art_Data\Packages\BG\Extension_01\Original\EX01_BlackCrack_OBJ.gpk
[2014.09.23 11:29:28 | 008,695,706 | ---- | M] () -- \Program Files (x86)\GameforgeLive\Games\GBR_eng\TERA\Client\S1Game\CookedPC\Art_Data\Packages\CH\NPC\NPC_Objects\BlackCrack_BigStone.gpk
[2014.09.23 11:29:26 | 006,332,931 | ---- | M] () -- \Program Files (x86)\GameforgeLive\Games\GBR_eng\TERA\Client\S1Game\CookedPC\Art_Data\Packages\CH\NPC\NPC_Objects\BlackCrack_BigStone_ANI.gpk
[2014.09.23 11:29:26 | 003,335,217 | ---- | M] () -- \Program Files (x86)\GameforgeLive\Games\GBR_eng\TERA\Client\S1Game\CookedPC\Art_Data\Packages\CH\NPC\NPC_Objects\BlackCrack_NPC_OBJ.gpk
[2014.09.23 11:29:24 | 000,036,564 | ---- | M] () -- \Program Files (x86)\GameforgeLive\Games\GBR_eng\TERA\Client\S1Game\CookedPC\Art_Data\Packages\CH\NPC\NPC_Objects\BlackCrack_NPC_OBJ_ANI.gpk
[2014.09.23 11:29:24 | 000,685,163 | ---- | M] () -- \Program Files (x86)\GameforgeLive\Games\GBR_eng\TERA\Client\S1Game\CookedPC\Art_Data\Packages\CH\NPC\NPC_Objects\Black_Crack_Wall.gpk
[2014.06.04 16:55:12 | 002,860,300 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Crack Traxxxx.mp3
[2014.06.04 16:55:12 | 000,010,152 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [Dariano's Normal].osu
[2014.06.04 16:55:12 | 000,007,094 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [Easy].osu
[2014.06.04 16:55:12 | 000,035,315 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [Extra].osu
[2014.06.04 16:55:12 | 000,032,081 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [Fanzhen's Hi-Speed Extra].osu
[2014.06.04 16:55:12 | 000,031,227 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [Gero's Insane].osu
[2014.06.04 16:55:12 | 000,016,922 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [Oracle's Hard].osu
[2014.06.04 16:55:12 | 000,030,015 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [Pantsu's Insane].osu
[2014.06.04 16:55:12 | 000,017,618 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [TK'S Muzukashii].osu
[2014.06.04 16:55:12 | 000,024,303 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [TK'S Oni].osu
[2014.06.04 16:55:12 | 000,029,691 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek) [Yukoversible's xxxxTRA].osu
[2014.06.04 16:55:12 | 000,000,251 | ---- | M] () -- \Program Files (x86)\osu!\Songs\139525 Lite Show Magic - Crack traxxxx\Lite Show Magic - Crack traxxxx (Fatfan Kolek).osb
[2014.03.25 20:43:24 | 000,118,272 | ---- | M] () -- \Program Files\Blender Foundation\Blender\2.72\python\lib\site-packages\numpy\f2py\crackfortran.py
[2013.11.30 17:27:56 | 000,062,238 | ---- | M] () -- \Program Files\GIMP 2\share\gimp\2.0\patterns\cracked.pat
[2014.11.08 16:30:07 | 004,400,128 | ---- | M] () -- \ProgramData\Downloader\Downloads\Fraps 3.5.99 cracked & activated\Fraps 3.5.99 cracked & activated.exe
[2009.12.19 12:45:08 | 000,003,460 | ---- | M] () -- \Users\admin\AppData\Local\VirtualStore\Program Files (x86)\Game_Maker8\Sprites\Maze - Platform\wall_block_cracked1.png
[2009.12.19 12:45:08 | 000,003,675 | ---- | M] () -- \Users\admin\AppData\Local\VirtualStore\Program Files (x86)\Game_Maker8\Sprites\Maze - Platform\wall_block_cracked2.png
[2009.12.19 12:45:08 | 000,004,107 | ---- | M] () -- \Users\admin\AppData\Local\VirtualStore\Program Files (x86)\Game_Maker8\Sprites\Maze - Platform\wall_block_cracked3.png
[2009.12.19 12:45:08 | 000,003,529 | ---- | M] () -- \Users\admin\AppData\Local\VirtualStore\Program Files (x86)\Game_Maker8\Sprites\Maze - Platform\wall_block_cracked4.png
[2014.09.03 16:52:34 | 000,061,959 | ---- | M] () -- \Users\admin\AppData\Roaming\uTorrent\Adobe Photoshop CC 2014 (64 bit) (Crack) [ChingLiu].torrent
[2014.05.28 20:29:27 | 000,012,691 | ---- | M] () -- \Users\admin\AppData\Roaming\uTorrent\Aimersoft Video Converter Ultimate v5.6.0.1 Incl Crack - [MUMBAI].torrent
[2014.09.22 17:09:09 | 000,006,435 | ---- | M] () -- \Users\admin\AppData\Roaming\uTorrent\CCleaner v4.15.4725 Business & Professional Edition Incl. Crack [ATOM].torrent
[2014.05.28 21:45:47 | 000,012,891 | ---- | M] () -- \Users\admin\AppData\Roaming\uTorrent\SONY VEGAS PRO 9 + PATCH & CRACK.zip.torrent
[2014.10.12 02:13:47 | 000,096,256 | ---- | M] () -- \Users\admin\AppData\Roaming\uTorrent\;\crack vegas 9\Sony_VegasPro8_DVDArchitect45_SoundForge9_CRACK.exe
[2014.11.08 16:30:07 | 004,400,128 | ---- | M] () -- \Users\All Users\Downloader\Downloads\Fraps 3.5.99 cracked & activated\Fraps 3.5.99 cracked & activated.exe

< *keygen* /s >
[2014.04.20 09:51:19 | 000,002,651 | ---- | M] () -- \Users\admin\AppData\Roaming\uTorrent\Bandicam v1.9.2.454 FULL+Keygen {Cyclonoid}.1.torrent
[2014.01.28 20:32:09 | 000,002,651 | ---- | M] () -- \Users\admin\AppData\Roaming\uTorrent\Bandicam v1.9.2.454 FULL+Keygen {Cyclonoid}.torrent
[2014.10.12 02:13:47 | 000,204,800 | ---- | M] () -- \Users\admin\AppData\Roaming\uTorrent\;\crack vegas 9\Keygen.exe

< *AntiWPA* /s >

< *loader* /s >
[2003.09.15 13:02:00 | 000,169,384 | ---- | M] () -- \Counter-Strike 1.6\cstrike\models\qloader.mdl
[2003.09.15 12:55:50 | 000,352,548 | ---- | M] () -- \Counter-Strike 1.6\valve\models\loader.mdl
[2003.09.15 12:56:04 | 000,012,764 | ---- | M] () -- \Counter-Strike 1.6\valve\sound\ambience\loader_hydra1.wav
[2003.09.15 12:56:04 | 000,012,164 | ---- | M] () -- \Counter-Strike 1.6\valve\sound\ambience\loader_step1.wav
[2013.05.14 08:19:32 | 000,059,062 | ---- | M] () -- \Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\chrome\AMVideoConvertDownloader.jar
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2014.04.01 16:40:46 | 003,138,560 | ---- | M] () -- \Program Files (x86)\FLV Downloader 1.0\FLVDownloader.exe
[2014.08.25 13:04:38 | 000,192,896 | ---- | M] () -- \Program Files (x86)\GameforgeLive\MultiHTTPDownloader.exe
[2014.09.23 10:38:02 | 000,068,688 | ---- | M] () -- \Program Files (x86)\GameforgeLive\Games\GBR_eng\TERA\Client\Binaries\PhysXLoader.dll
[2014.03.29 13:14:54 | 000,065,344 | ---- | M] () -- \Program Files (x86)\Goat Simulator\Binaries\Win32\PhysXLoader.dll
[2013.10.23 21:07:40 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2013.04.21 15:10:14 | 000,002,521 | ---- | M] () -- \Program Files (x86)\StepMania 5\Themes\default\BGAnimations\ScreenWithMenuElements background\_particleLoader.lua
[2014.05.23 07:23:01 | 000,528,184 | ---- | M] () -- \Program Files (x86)\Watch Dogs\bin\uplay_r1_loader64.dll
[2014.04.22 15:45:12 | 000,002,357 | ---- | M] () -- \Program Files (x86)\WOW Slider\templates\common\js\wowslider.preloader.js
[2014.08.14 19:30:17 | 000,071,968 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2014.08.14 19:30:18 | 000,085,376 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2014.05.19 06:19:38 | 000,016,378 | ---- | M] () -- \Program Files\Blender Foundation\Blender\2.72\python\lib\unittest\loader.py
[2011.03.08 08:43:28 | 000,013,734 | ---- | M] () -- \Program Files\GIMP 2\Python\Lib\unittest\loader.py
[2013.12.01 14:09:05 | 000,061,528 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2014.11.08 16:23:32 | 001,868,800 | ---- | M] () -- \ProgramData\Downloader\downloader.exe
[2014.01.28 23:53:46 | 000,001,038 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader 1.0\FLV Downloader 1.0.lnk
[2014.01.28 23:53:46 | 000,001,963 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader 1.0\FLV Downloader Documentation.lnk
[2014.01.28 23:53:46 | 000,001,911 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader 1.0\Uninstall FLV Downloader 1.0.lnk
[2014.01.28 23:51:16 | 000,002,360 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Downloader\FLV Downloader.lnk
[2014.01.29 16:53:38 | 000,001,257 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 1.7.4. Downloader\Minecraft 1.7.4. Downloader.lnk
[2013.09.29 11:01:24 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2014.10.12 02:12:52 | 000,517,696 | ---- | M] () -- \Users\admin\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe
[2014.01.10 16:12:48 | 000,004,322 | ---- | M] () -- \Users\admin\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe.config
[2014.04.01 16:42:05 | 000,188,038 | ---- | M] () -- \Users\admin\AppData\Local\Flvto Youtube Downloader\UninstallFlvtoYoutubeDownloader.exe
[2014.01.21 07:58:34 | 000,019,520 | ---- | M] () -- \Users\admin\AppData\Local\Flvto Youtube Downloader\de-DE\FlvtoYoutubeDownloader.resources.dll
[2014.01.21 07:58:34 | 000,018,496 | ---- | M] () -- \Users\admin\AppData\Local\Flvto Youtube Downloader\en-US\FlvtoYoutubeDownloader.resources.dll
[2014.01.21 07:58:38 | 000,019,008 | ---- | M] () -- \Users\admin\AppData\Local\Flvto Youtube Downloader\it-IT\FlvtoYoutubeDownloader.resources.dll
[2014.01.21 07:58:40 | 000,019,520 | ---- | M] () -- \Users\admin\AppData\Local\Flvto Youtube Downloader\pt-PT\FlvtoYoutubeDownloader.resources.dll
[2014.11.07 21:28:37 | 000,037,843 | ---- | M] () -- \Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\8.0.7_0\editor\editarea\edit_area\edit_area_loader.js
[2014.10.31 18:41:36 | 000,009,418 | ---- | M] () -- \Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13_0\img\gifloader.gif
[2014.11.08 13:33:31 | 000,001,980 | ---- | M] () -- \Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B2LDUXJ\AdLoader[1].htm
[2014.11.05 15:40:32 | 000,001,980 | ---- | M] () -- \Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1UPOSH0\AdLoader[1].htm
[2014.11.07 16:19:02 | 000,018,715 | ---- | M] () -- \Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PS4N01MB\AdLoader-a5fa12058ddb9a8919d6906ba95d7c57.min[1].js
[2014.01.14 19:05:39 | 000,012,811 | ---- | M] () -- \Users\admin\AppData\Local\Overwolf\InstallerCache\preloader_3337.gif
[2014.10.12 02:13:02 | 000,432,040 | ---- | M] () -- \Users\admin\AppData\Local\Screenleap\downloader.exe
[2014.09.12 23:10:42 | 000,001,057 | ---- | M] () -- \Users\admin\AppData\Local\Screenleap\screenleapDownloader.log
[2014.07.24 14:53:16 | 000,072,638 | ---- | M] () -- \Users\admin\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.07.24 14:53:16 | 000,003,032 | ---- | M] () -- \Users\admin\AppData\Local\Skype\Apps\login\images\loader.png
[2014.07.24 14:53:16 | 000,006,012 | ---- | M] () -- \Users\admin\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.07.24 14:53:16 | 000,021,956 | ---- | M] () -- \Users\admin\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.07.24 14:53:16 | 000,009,772 | ---- | M] () -- \Users\admin\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2009.12.17 00:07:42 | 000,000,123 | ---- | M] () -- \Users\admin\AppData\Local\VirtualStore\Program Files (x86)\Game_Maker8\html\Loader.htm
[2009.12.17 00:30:00 | 000,006,111 | ---- | M] () -- \Users\admin\AppData\Local\VirtualStore\Program Files (x86)\Game_Maker8\html\Loader2.htm
[2014.06.07 13:38:00 | 000,001,691 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\runner\src\YYAndroidPackageDomain\YYAndroidPackageCompany\YYAndroidPackageProduct\ExpansionDownloaderService.java
[2014.06.07 13:38:02 | 000,001,051 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\GraphObjectPagingLoader$1.class
[2014.06.07 13:38:02 | 000,001,079 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\GraphObjectPagingLoader$2.class
[2014.06.07 13:38:02 | 000,001,053 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\GraphObjectPagingLoader$3.class
[2014.06.07 13:38:02 | 000,000,468 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\GraphObjectPagingLoader$OnErrorListener.class
[2014.06.07 13:38:02 | 000,000,447 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\GraphObjectPagingLoader$PagedResults.class
[2014.06.07 13:38:02 | 000,007,712 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\GraphObjectPagingLoader.class
[2014.06.07 13:38:02 | 000,001,570 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\ImageDownloader$1.class
[2014.06.07 13:38:02 | 000,001,039 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\ImageDownloader$CacheReadWorkItem.class
[2014.06.07 13:38:02 | 000,000,901 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\ImageDownloader$DownloaderContext.class
[2014.06.07 13:38:02 | 000,000,981 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\ImageDownloader$DownloadImageWorkItem.class
[2014.06.07 13:38:02 | 000,001,056 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\ImageDownloader$RequestKey.class
[2014.06.07 13:38:02 | 000,008,510 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\widget\ImageDownloader.class
[2014.06.07 13:38:04 | 000,007,257 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\src\com\facebook\widget\GraphObjectPagingLoader.java
[2014.06.07 13:38:04 | 000,013,574 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\src\com\facebook\widget\ImageDownloader.java
[2014.06.07 13:38:06 | 000,011,680 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\play_apk_expansion\downloader_library\src\com\google\android\vending\expansion\downloader\DownloaderClientMarshaller.java
[2014.06.07 13:38:06 | 000,005,757 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\play_apk_expansion\downloader_library\src\com\google\android\vending\expansion\downloader\DownloaderServiceMarshaller.java
[2014.06.07 13:38:06 | 000,005,462 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\play_apk_expansion\downloader_library\src\com\google\android\vending\expansion\downloader\IDownloaderClient.java
[2014.06.07 13:38:06 | 000,002,920 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\play_apk_expansion\downloader_library\src\com\google\android\vending\expansion\downloader\IDownloaderService.java
[2014.06.07 13:38:06 | 000,050,025 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\play_apk_expansion\downloader_library\src\com\google\android\vending\expansion\downloader\impl\DownloaderService.java
[2014.08.30 20:55:51 | 008,333,429 | ---- | M] () -- \Users\admin\AppData\Roaming\MC Titan Technic v2\ForgeModLoader-client-0.log
[2014.08.30 20:38:21 | 000,000,000 | ---- | M] () -- \Users\admin\AppData\Roaming\MC Titan Technic v2\ForgeModLoader-client-0.log.lck
[2014.08.30 20:37:39 | 008,146,957 | ---- | M] () -- \Users\admin\AppData\Roaming\MC Titan Technic v2\ForgeModLoader-client-1.log
[2014.07.02 13:08:20 | 008,328,011 | ---- | M] () -- \Users\admin\AppData\Roaming\MC Titan Technic v2\ForgeModLoader-client-2.log
[2014.06.28 22:51:06 | 000,957,764 | ---- | M] () -- \Users\admin\AppData\Roaming\MC Titan Technic\ForgeModLoader-client-0.log
[2014.06.28 20:28:52 | 000,000,000 | ---- | M] () -- \Users\admin\AppData\Roaming\MC Titan Technic\ForgeModLoader-client-0.log.lck
[2014.06.28 11:19:03 | 001,049,501 | ---- | M] () -- \Users\admin\AppData\Roaming\MC Titan Technic\ForgeModLoader-client-1.log
[2014.06.26 22:45:10 | 001,224,784 | ---- | M] () -- \Users\admin\AppData\Roaming\MC Titan Technic\ForgeModLoader-client-2.log
[2014.07.01 14:12:21 | 000,359,391 | ---- | M] () -- \Users\admin\AppData\Roaming\mctitanpokemine4\ForgeModLoader-client-0.log
[2014.07.01 14:12:29 | 002,137,261 | ---- | M] () -- \Users\admin\AppData\Roaming\mctitanpokemine4\ForgeModLoader-client-0.log.1
[2014.07.01 13:53:20 | 000,000,000 | ---- | M] () -- \Users\admin\AppData\Roaming\mctitanpokemine4\ForgeModLoader-client-0.log.1.lck
[2014.07.01 13:53:20 | 000,000,000 | ---- | M] () -- \Users\admin\AppData\Roaming\mctitanpokemine4\ForgeModLoader-client-0.log.lck
[2014.07.01 13:48:13 | 000,336,950 | ---- | M] () -- \Users\admin\AppData\Roaming\mctitanpokemine4\ForgeModLoader-client-1.log
[2014.03.30 21:45:37 | 000,332,189 | ---- | M] () -- \Users\admin\AppData\Roaming\mctitanpokemine4\ForgeModLoader-client-2.log
[2014.03.30 18:39:55 | 000,000,069 | ---- | M] () -- \Users\admin\AppData\Roaming\mctitanpokemine4\config\TConPreloader.cfg
[2014.11.08 16:28:16 | 000,000,607 | ---- | M] () -- \Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Downloader.lnk
[2014.02.08 15:44:40 | 000,002,186 | ---- | M] () -- \Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader\Flvto Youtube Downloader.lnk
[2014.02.08 15:44:40 | 000,001,373 | ---- | M] () -- \Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader\Uninstall Flvto Youtube Downloader.lnk
[2013.03.25 16:21:00 | 000,388,776 | ---- | M] () -- \Users\admin\AppData\Roaming\TERA\launcher\live\downloader.bundle
[2013.03.20 07:02:00 | 000,694,656 | ---- | M] () -- \Users\admin\AppData\Roaming\TERA\launcher\live\downloader.dll
[2014.11.08 16:23:32 | 001,868,800 | ---- | M] () -- \Users\admin\Desktop\downloader.exe
[2014.05.01 03:27:16 | 000,047,934 | ---- | M] () -- \Users\admin\Downloads\wordpress\wp-includes\script-loader.php
[2013.10.30 13:39:10 | 000,002,747 | ---- | M] () -- \Users\admin\Downloads\wordpress\wp-includes\template-loader.php
[2014.02.13 07:03:14 | 000,003,878 | ---- | M] () -- \Users\admin\Downloads\wordpress\wp-includes\images\uploader-icons-2x.png
[2014.02.13 07:03:14 | 000,001,556 | ---- | M] () -- \Users\admin\Downloads\wordpress\wp-includes\images\uploader-icons.png
[2013.11.15 03:31:10 | 000,004,281 | ---- | M] () -- \Users\admin\Downloads\wordpress\wp-includes\js\customize-loader.js
[2013.11.13 20:45:12 | 000,002,539 | ---- | M] () -- \Users\admin\Downloads\wordpress\wp-includes\js\customize-loader.min.js
[2013.12.28 22:53:16 | 000,002,608 | ---- | M] () -- \Users\admin\Downloads\wordpress\wp-includes\js\tinymce\skins\lightgray\img\loader.gif
[2014.10.22 19:38:14 | 000,169,384 | ---- | M] () -- \Users\admin\GSplay\csko\cstrike\models\qloader.mdl
[2014.10.22 19:41:09 | 000,352,548 | ---- | M] () -- \Users\admin\GSplay\csko\valve\models\loader.mdl
[2014.10.22 19:40:40 | 000,012,764 | ---- | M] () -- \Users\admin\GSplay\csko\valve\sound\ambience\loader_hydra1.wav
[2014.10.22 19:40:38 | 000,012,164 | ---- | M] () -- \Users\admin\GSplay\csko\valve\sound\ambience\loader_step1.wav
[2011.07.18 22:33:32 | 000,008,787 | ---- | M] () -- \Users\admin\Notepad++\user.manual\sites\all\modules\fancy_login\images\ajax-loader.gif
[2014.11.08 16:23:32 | 001,868,800 | ---- | M] () -- \Users\All Users\Downloader\downloader.exe
[2014.01.28 23:53:46 | 000,001,038 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\FLV Downloader 1.0\FLV Downloader 1.0.lnk
[2014.01.28 23:53:46 | 000,001,963 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\FLV Downloader 1.0\FLV Downloader Documentation.lnk
[2014.01.28 23:53:46 | 000,001,911 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\FLV Downloader 1.0\Uninstall FLV Downloader 1.0.lnk
[2014.01.28 23:51:16 | 000,002,360 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\FLV Downloader\FLV Downloader.lnk
[2014.01.29 16:53:38 | 000,001,257 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Minecraft 1.7.4. Downloader\Minecraft 1.7.4. Downloader.lnk
[2013.09.29 11:01:24 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2014.09.12 15:57:40 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2014.11.08 16:41:00 | 000,104,956 | ---- | M] () -- \Windows\Prefetch\DOWNLOADER.EXE-304427A7.pf
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 06:37:37 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.14 06:37:37 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009.07.14 06:37:37 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009.07.14 06:37:37 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009.07.14 06:37:37 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2009.07.14 03:58:45 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009.07.14 03:58:45 | 000,641,088 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.efi_75834aa0
[2009.07.14 03:58:45 | 000,604,192 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.exe_75835076
[2009.07.14 03:58:45 | 000,557,136 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.efi_85cd069f
[2009.07.14 03:58:45 | 000,518,352 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 03:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.03.30 12:29:00 | 000,008,192 | ---- | M] () -- \xampp\mailtodisk\_win32sysloader.pyd
[2014.10.12 02:16:14 | 000,068,096 | ---- | M] () -- \xampp\MercuryMail\loader.exe
[2012.10.16 17:45:46 | 000,015,791 | ---- | M] () -- \xampp\perl\lib\AutoLoader.pm
[2013.03.12 15:01:48 | 000,025,696 | ---- | M] () -- \xampp\perl\lib\DynaLoader.pm
[2013.03.04 17:16:22 | 000,017,377 | ---- | M] () -- \xampp\perl\lib\SelfLoader.pm
[2013.03.12 15:00:00 | 000,010,589 | ---- | M] () -- \xampp\perl\lib\XSLoader.pm
[2013.03.04 17:16:22 | 000,000,490 | ---- | M] () -- \xampp\perl\lib\Locale\Maketext\GutsLoader.pm
[2005.04.28 02:55:32 | 000,005,746 | ---- | M] () -- \xampp\perl\vendor\lib\Class\Loader.pm
[2001.05.02 05:01:04 | 000,000,648 | ---- | M] () -- \xampp\perl\vendor\lib\Class\LoaderTest.pm
[2012.07.13 20:57:02 | 000,024,325 | ---- | M] () -- \xampp\perl\vendor\lib\YAML\Loader.pm
[2012.04.16 16:30:20 | 000,004,896 | ---- | M] () -- \xampp\php\pear\Crypt\RSA\MathLoader.php
[2013.06.18 09:26:21 | 000,006,565 | ---- | M] () -- \xampp\php\pear\PEAR\Autoloader.php
[2013.06.18 09:26:21 | 000,066,585 | ---- | M] () -- \xampp\php\pear\PEAR\Downloader.php
[2013.06.18 15:16:52 | 000,005,511 | ---- | M] () -- \xampp\php\pear\PHPUnit\Runner\StandardTestSuiteLoader.php
[2013.06.18 15:16:52 | 000,002,806 | ---- | M] () -- \xampp\php\pear\PHPUnit\Runner\TestSuiteLoader.php
[2013.06.18 15:16:52 | 000,003,814 | ---- | M] () -- \xampp\php\pear\PHPUnit\Util\Fileloader.php
[2013.06.18 09:31:55 | 000,004,609 | ---- | M] () -- \xampp\php\pear\PHPUnit2\Runner\StandardTestSuiteLoader.php
[2013.06.18 09:31:55 | 000,003,186 | ---- | M] () -- \xampp\php\pear\PHPUnit2\Runner\TestSuiteLoader.php
[2013.06.18 09:31:56 | 000,003,767 | ---- | M] () -- \xampp\php\pear\PHPUnit2\Util\Fileloader.php
[2013.06.18 15:16:48 | 000,000,334 | ---- | M] () -- \xampp\php\pear\Symfony\Component\Yaml\autoloader.php
[2014.08.17 17:56:15 | 000,000,673 | ---- | M] () -- \xampp\phpMyAdmin\doc\html\_static\ajax-loader.gif
[2013.07.02 09:59:12 | 000,020,714 | ---- | M] () -- \xampp\tomcat\webapps\docs\class-loader-howto.html
[2013.07.02 09:59:12 | 000,016,741 | ---- | M] () -- \xampp\tomcat\webapps\docs\config\loader.html

< *minodlogin* /s >

< *tnod* /s >
[2014.03.29 13:14:54 | 000,003,128 | ---- | M] () -- \Program Files (x86)\Goat Simulator\Engine\EditorResources\FaceFX\res\icons\FxGenericTargetNode.bmp

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2014.04.01 16:40:54 | 000,279,376 | ---- | M] () -- \Program Files (x86)\Nero\KM\SerialHelper.exe
[2013.11.08 13:00:34 | 000,248,144 | ---- | M] () -- \Program Files (x86)\Nero\Nero Blu-ray Player\boost_serialization-mt.dll
[2013.11.08 13:00:34 | 000,167,760 | ---- | M] () -- \Program Files (x86)\Nero\Nero Blu-ray Player\boost_wserialization-mt.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2014.02.14 19:09:35 | 000,117,760 | ---- | M] () -- \Program Files (x86)\Steam\SteamApps\common\Aerena\game_Data\Managed\System.Runtime.Serialization.dll
[2014.03.06 10:26:29 | 000,712,704 | ---- | M] () -- \Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\dmserializers.dll
[2013.04.21 15:10:14 | 000,003,954 | ---- | M] () -- \Program Files (x86)\StepMania 5\Themes\_fallback\Scripts\02 Serialize.lua
[2009.06.10 21:30:43 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2012.10.26 12:11:30 | 000,321,408 | ---- | M] () -- \Program Files\Sony\Vegas Pro 12.0\CoreUI.XmlSerializers.dll
[2012.10.26 12:11:34 | 000,460,672 | ---- | M] () -- \Program Files\Sony\Vegas Pro 12.0\Sony.MediaSoftware.TextGen.CoreGraphics.XmlSerializers.dll
[2010.05.12 08:59:48 | 000,311,296 | ---- | M] () -- \Program Files\Sony\Vegas Pro 9.0\CoreUI.XmlSerializers.dll
[2010.05.12 08:59:44 | 000,450,560 | ---- | M] () -- \Program Files\Sony\Vegas Pro 9.0\Sony.MediaSoftware.TextGen.CoreGraphics.XmlSerializers.dll
[2014.06.07 13:38:01 | 000,001,680 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\AccessToken$SerializationProxyV1.class
[2014.06.07 13:38:02 | 000,000,317 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\Request$KeyValueSerializer.class
[2014.06.07 13:38:02 | 000,004,906 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\Request$Serializer.class
[2014.06.07 13:38:02 | 000,002,008 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\Session$AuthorizationRequest$AuthRequestSerializationProxyV1.class
[2014.06.07 13:38:02 | 000,001,519 | ---- | M] () -- \Users\admin\AppData\Roaming\GameMaker-Studio\Android\SDKLibs\facebook-android-sdk\facebook\bin\classes\com\facebook\Session$SerializationProxyV1.class
[2014.09.12 05:47:23 | 000,000,083 | ---- | M] () -- \Users\admin\AppData\Roaming\uTorrent\;\MicroSoft Office 2007 With Key -THADOGG\Serial.txt
[2011.01.20 22:09:38 | 000,000,783 | ---- | M] () -- \Users\admin\Downloads\wordpress\wp-includes\js\jquery\jquery.serialize-object.js
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.07.14 05:56:20 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2009.07.14 05:55:32 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.05.29 21:36:06 | 001,084,928 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\CoreUI.XmlSerialize#\6fb6f4b7205ff9833adf865e0a683550\CoreUI.XmlSerializers.ni.dll
[2009.07.14 05:59:40 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\12aaff696a0c54773664b4c5407deaa2\System.Runtime.Serialization.ni.dll
[2009.07.14 05:57:59 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\d0c6d3aadce1e38bbcb06905e132a503\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.01.15 08:16:29 | 000,304,640 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\873837befa260d32cd0b3ce811b96efb\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.01.15 08:16:29 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\873837befa260d32cd0b3ce811b96efb\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.01.15 08:16:28 | 002,785,280 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll
[2014.01.15 08:16:28 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll.aux
[2014.01.15 08:17:06 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\15ecbb8a1ddca366bda70718005521a1\System.Xml.Serialization.ni.dll
[2014.01.15 08:17:06 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\15ecbb8a1ddca366bda70718005521a1\System.Xml.Serialization.ni.dll.aux
[2014.01.16 22:59:57 | 000,373,248 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\cab4c46773a123bd72b938cc405aed46\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.01.16 22:59:57 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\cab4c46773a123bd72b938cc405aed46\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.01.16 22:59:56 | 003,599,872 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\9ffb83b70cc1fa28d2fd02956cf0c831\System.Runtime.Serialization.ni.dll
[2014.01.16 22:59:56 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\9ffb83b70cc1fa28d2fd02956cf0c831\System.Runtime.Serialization.ni.dll.aux
[2014.01.16 23:01:50 | 000,028,672 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\b2db45296eabfd00db1920158f3f5eb5\System.Xml.Serialization.ni.dll
[2014.01.16 23:01:50 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\b2db45296eabfd00db1920158f3f5eb5\System.Xml.Serialization.ni.dll.aux
[2012.07.09 00:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.07.09 00:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2012.07.09 00:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2012.07.09 00:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2012.07.09 00:40:08 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.07.09 00:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2012.07.09 00:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2012.07.09 00:40:08 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2012.07.09 00:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012.07.09 00:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012.07.09 00:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012.07.09 00:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012.07.09 00:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2012.07.09 00:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 21:30:46 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2012.07.09 00:40:08 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2012.07.09 00:40:10 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012.07.09 00:40:08 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012.07.09 00:40:08 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012.07.09 00:40:08 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012.07.09 00:40:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2012.07.09 00:40:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 03:10:04 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.07.14 03:10:04 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\en-US\serialui.dll.mui
[2009.07.14 03:26:50 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781\serialui.dll.mui
[2009.07.14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2009.07.14 03:30:28 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2009.06.10 21:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll
[2009.06.10 21:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll
[2009.07.14 03:57:21 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2009.07.14 03:57:21 | 000,017,984 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc_kdcom.dll_db5e7744
[2009.07.14 06:37:34 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781_serialui.dll.mui_7d29d2a3
[2009.07.14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2009.07.14 06:37:35 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009.07.14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2009.07.14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2009.07.14 03:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest
[2009.07.14 03:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest
[2009.07.14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2009.07.14 03:42:40 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2009.07.14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2009.07.14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009.07.14 03:10:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010.06.03 18:33:26 | 000,002,032 | ---- | M] () -- \xampp\perl\vendor\lib\SOAP\Deserializer.pod
[2011.08.15 22:28:44 | 000,013,279 | ---- | M] () -- \xampp\perl\vendor\lib\SOAP\Serializer.pod
[2012.04.16 16:30:20 | 000,040,836 | ---- | M] () -- \xampp\php\pear\XML\Serializer.php
[2012.04.16 16:30:20 | 000,029,989 | ---- | M] () -- \xampp\php\pear\XML\Unserializer.php
[2014.08.17 17:56:15 | 000,003,035 | ---- | M] () -- \xampp\phpMyAdmin\js\jquery\src\jquery\serialize.js

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:55B41E6A

< End of report >

Paysami
Visitor
Visitor
Posts: 29
Registered: 28 Jul 2014 13:09

Re: downloader.exe

#10 Post by Paysami »

Extras

OTL Extras logfile created on: 8.11.2014 17:20:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

6,00 Gb Total Physical Memory | 3,66 Gb Available Physical Memory | 61,06% Memory free
12,00 Gb Paging File | 9,14 Gb Available in Paging File | 76,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,51 Gb Total Space | 78,74 Gb Free Space | 21,14% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-992597708-1987578634-1854157398-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F38C2C-4F8C-4735-B050-3C1ECC6E5EEF}" = rport=139 | protocol=6 | dir=out | app=system |
"{0B44AC81-C94A-4588-A692-F440C5843906}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{115DE391-C39D-4C1B-9189-03443116D32D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1244D346-64E6-4ACC-AFBA-6ECD8E790F66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1523A147-D8BB-448D-96B2-16261C71EB0E}" = lport=56842 | protocol=17 | dir=in | name=pando media booster |
"{173B26E4-B0C3-4D4F-9DDF-C56E37C2411B}" = lport=137 | protocol=17 | dir=in | app=system |
"{22F27C86-C8F1-4FD7-A732-3A333665315F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28CD4191-AB48-4BAD-81D8-EE2AF23705D5}" = lport=31302 | protocol=6 | dir=in | name=apsesmagusstabs |
"{35CC9C46-9C36-4599-90A9-74E88E52B0AB}" = lport=31302 | protocol=6 | dir=in | name=operabandywand |
"{44C4E892-3F9C-4E67-960B-3F9F233501B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49D251FF-6F48-4A1B-BFB0-13F606A01E17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B43D847-D2A5-485E-B897-2DBCD9113138}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53368F8E-AA18-4EB5-ACBE-27D3D121A932}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6DC70584-9CC8-46B9-9027-70F75C761582}" = lport=56842 | protocol=6 | dir=in | name=pando media booster |
"{6FAFD009-12E2-4508-9A70-7D12C329588F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74963863-6D27-433F-BF29-6174EF4177DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{8537A23A-5738-4210-A06C-23EA4899178E}" = rport=137 | protocol=17 | dir=out | app=system |
"{99E72DD2-652C-4797-8800-D90D6289F4EB}" = lport=56842 | protocol=17 | dir=in | name=pando media booster |
"{9D691587-2569-410F-A78B-72CA9A2B877F}" = lport=445 | protocol=6 | dir=in | app=system |
"{9F840FFB-E6D7-4554-8075-772E9A52069A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B3808FEB-20D6-44D0-A111-315D2FC702A8}" = lport=56842 | protocol=6 | dir=in | name=pando media booster |
"{DB569E9C-7C05-4B0A-A8EC-3860ECE5D425}" = lport=138 | protocol=17 | dir=in | app=system |
"{DFD093B8-DD77-480B-AE7F-8D9A398639DA}" = rport=445 | protocol=6 | dir=out | app=system |
"{E0C73AEB-FE20-4510-8B80-7BF76FA3E947}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E2228279-82D7-48E2-ACF2-18E2772CFCF9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{EC70E6B6-6423-4EE3-A100-7E9DA7B46BD9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F5EBC53C-F5DB-436D-9F22-9E2C6F9BC685}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F893DE2A-BA46-4CE0-9A56-F590E6999742}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C5A575-02AB-4CE8-837A-FC3BC777D627}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0703EE5B-70DC-451B-A98C-D2EFBF840797}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0A4DCF28-B085-4133-A281-D9FD1BA8BF0F}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{0AF88696-89AC-4DE5-BE9C-55698A247E12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{0BCC9E38-E023-4CFA-85F6-7EF9DC1BED6E}" = protocol=17 | dir=in | app=c:\programdata\downloader\downloader.exe |
"{0C0D0BA3-9716-48B9-99F3-42BD1DBC7B63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D34C56F-D5D5-4650-99E1-C8A2FB98EBD2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{0FCDCD51-3619-4685-8792-155ABD4D252A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11EB9B17-A608-4459-A3C3-B47D60232FAB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11F34C14-2622-4873-8D67-D3066C176403}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{13398989-8036-4DEA-A291-0F55C8E378F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{136709F9-00D8-4E11-87AC-CA3D45D6523A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{14AD8C09-54C0-481E-AF8D-385EB0CD56CA}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{1B93FB50-6D21-48F3-ABD2-96F731A4A184}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{1BCC5300-2BAC-450E-A8D9-B470F03AB1D1}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforgelive\gfl_client.exe |
"{232F290C-29CA-4C69-A9DC-CC589A43E6C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{23696A69-6DB6-4C33-AD50-DADBEF03D33A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2965C246-2ABF-4233-826A-1DE690363900}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2ABBB1E5-3F8C-446D-899E-A76F6DDC3A68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\robocraft\robocraft.exe |
"{35B803B5-BD9F-4DEA-A400-13DB59C696CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{394A10C5-10DD-438E-BA73-9C04348DDE2F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3BB83695-99D6-4FCC-8CEC-E2C961A000B4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{3D471AC7-9339-48B2-A131-8A817E464522}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DDA8C49-F4C2-4190-A4AD-A30292EB9B38}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\nmdllhost.exe |
"{4DECC6AB-A418-4695-8BAB-45FAA1E6CDE0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{585DA560-E4F6-441E-A896-A7F424C75D88}" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"{592AA1F3-DE04-466A-B14C-AF84AACD6F54}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{59719AF3-60F2-4E16-8573-A3DF403D320C}" = protocol=17 | dir=in | app=c:\cflog\elsword_en\data\x2.exe |
"{5AE41A4A-36AD-48AD-BE89-D28B0CB6B0FE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{5B5ED05B-FDB1-4AF6-8578-5BE2916D1E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{5C28901D-6885-4F7B-B990-3470AE0F7E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{5CEB944C-7373-423E-90F7-1F53AF2F6AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{5EDACC98-BA2A-4138-B005-62C333FF7A8D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{608C7782-6089-4910-8A1F-B49BA4D39F01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{61BC650E-D923-44EF-B680-76BC964D46E1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{65CAB7B4-6C68-4E82-9C13-D8BCB18D7DF9}" = dir=in | app=c:\programdata\rtorrent\bin\rtorrent.exe |
"{6B2C36A6-C1CD-4FB9-9D0C-AB8AFC34CCDD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BC9460F-F03F-4C9F-9388-47544BBDEB35}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{70F44929-5B8D-446E-B27A-D4D6C42FBC84}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{717053A7-C504-4F92-9AC9-44C437FE77C1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{763E8D9E-0FC3-4421-858F-5620EB32CC43}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{7A72E3FA-3BFE-4F59-B1DA-890EB14A8E27}" = protocol=6 | dir=in | app=c:\programdata\downloader\downloader.exe |
"{7F1A98D5-6F55-47A5-9B15-B752CA19651A}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{80CC0CAA-5769-43CF-853D-FBA934D5FB9F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{811E5DB0-121D-42ED-BDBB-216614B21490}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe |
"{83EE9AC7-8046-47DA-8706-914332E79A0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{861F8079-B7EE-4017-A73C-56928F5C4350}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{86E893F3-97A3-42A8-ADD1-E8E50F8C80CC}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{8B612B5C-0C52-464A-A090-B724252999AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{94711B88-EF5E-461F-A928-1D032AF71830}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aerena\game.exe |
"{97E9D988-716F-4112-B683-1BF74BAFEAC1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{982E5062-F3CC-49BD-951C-ECA0765B46C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9AFAF6B0-581E-4F31-9808-74F53E3875FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9D1F1A16-F244-4C22-8670-4576D8F97CF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9D3115F0-4A7B-46EE-BA77-603EE7CC966C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{9FB696DC-063A-4492-93AB-1CCCBE680534}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{A819846A-E871-4E35-B479-BFF320A10275}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A8628B4B-3BD2-4B28-AEBD-50A49F552E93}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AC3656DB-3ED1-459B-B6FA-2D3A110906A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe |
"{AE40044B-D9F4-4E6F-A6E1-FA821E5A6116}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\nmdllhost.exe |
"{B3228F00-60C5-4DF7-9A86-7CA003A770D2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{B5A8EA74-4A6F-4D16-B69F-9450F2DC5AC8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{B6F98051-B342-40D2-8246-9376BDDCB2DD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{B7713552-B59E-476F-9B92-BE7EF8AE293E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B8ED737C-21DD-42CD-A6C9-44794F8A981E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BA43192B-738D-4437-BE8B-55A97DAABB7B}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{BEEFB2FB-C54B-4356-BFFD-21FF1411A138}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C0826795-44A1-4C2D-A947-B6B1B0758F6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4090926-1B3B-48D6-BB97-04B442390E39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C6A78CE3-B787-4B86-B9A4-321C7C858070}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\robocraft\robocraft.exe |
"{C897F80D-24EC-419D-86BB-5E216BF943B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aerena\game.exe |
"{D09DEE0C-9ECD-44AB-A158-3A7B238663AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{D324BE34-FF4B-4AF8-B8BD-079E417C0192}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{D35F28B6-F9EF-4881-AE69-03FF2E9F1500}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5F7A083-D8D0-430A-8A54-D962A525ADAA}" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"{D7C9C4FE-3F77-4A0F-AFD6-10F6304AF173}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{DE851E07-6C00-4FA1-B503-D4AA58923C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{DFB99EAA-67EA-47D0-853D-54F200A836ED}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{E1C11C0F-4F04-4D92-A235-64F6D96238D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EA4A2E51-1591-4DC7-BBDC-FFDB55545AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{ED8B0A87-F6DF-49EA-B8B2-D384F5BAC2F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{F4EA2F9C-A2EC-4CDD-8414-3ECA63EE83F6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{F58C542A-C23A-4AEE-BE74-A086154EED49}" = protocol=6 | dir=out | app=system |
"{FAE4F9C6-61D2-4FFF-BE3B-532A83B9D6B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBFF9960-CDA8-415C-98E8-4525D56BB7C8}" = protocol=6 | dir=in | app=c:\cflog\elsword_en\data\x2.exe |
"{FD5A52A0-4C0C-4B97-8695-4207F67575FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FD846D27-159B-4637-B5B6-19A349627198}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{0984C419-80E1-474E-BA47-2DBAB7D5A763}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{0B2FA55B-254A-4889-8045-B2793F69A65B}C:\users\admin\appdata\roaming\gamemaker-studio\runner.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\gamemaker-studio\runner.exe |
"TCP Query User{1D2D2EF9-5622-4999-A99B-7321044A8BB4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{31314B73-3609-4645-A5FF-5CCA553CBD45}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{39CAFC99-0AC1-4A16-9CE5-97707CDFD056}C:\users\admin\gsplay\csko\hl.exe" = protocol=6 | dir=in | app=c:\users\admin\gsplay\csko\hl.exe |
"TCP Query User{3EDB837F-F0B1-4275-A61F-C05A7BB57250}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{4125075F-216D-45BA-BB5F-4D1D9B014659}C:\Program Files (x86)\NCWest\nclauncher\ncupdatehelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"TCP Query User{6061E9AD-11A6-42F2-B6EF-1C966488950D}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"TCP Query User{6B136FDC-5CFA-4DC4-9B4A-8DEDA40BE641}C:\users\admin\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{74012F60-DA63-4330-9917-BD303C53131B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{7D014C82-B068-4127-BE18-0EDCDB8B3FC1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{C194B99F-2E87-4B1A-87F5-32DC24EFD805}C:\program files (x86)\stepmania 5\program\stepmania-sse2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stepmania 5\program\stepmania-sse2.exe |
"TCP Query User{C6AC0195-B888-4384-8D29-5D111BB6865F}C:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe |
"TCP Query User{F314AA7E-E428-4004-8CAB-34496890ADF1}C:\program files (x86)\hammermt2 server 1 2014\hammermt2 server 1 2014.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hammermt2 server 1 2014\hammermt2 server 1 2014.exe |
"TCP Query User{F5E95FD0-4049-402D-8B80-68C034B6EFE6}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe |
"UDP Query User{0FDFAF4A-F378-4CDE-8E5D-AB2354F9D3D3}C:\program files (x86)\hammermt2 server 1 2014\hammermt2 server 1 2014.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hammermt2 server 1 2014\hammermt2 server 1 2014.exe |
"UDP Query User{141065DC-42E0-4971-A2AC-EF04B4B63FDC}C:\users\admin\gsplay\csko\hl.exe" = protocol=17 | dir=in | app=c:\users\admin\gsplay\csko\hl.exe |
"UDP Query User{337B5B4B-EB62-45E8-A0EC-48536E749EDE}C:\users\admin\appdata\roaming\gamemaker-studio\runner.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\gamemaker-studio\runner.exe |
"UDP Query User{3B90B185-85FA-4D86-8DE2-F096B23524AB}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"UDP Query User{3D1ECC39-71B1-4E0D-A595-90CA6AF3D90E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{6426A928-941F-4A4A-9D6B-E9F0181751F2}C:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforgelive\games\gbr_eng\tera\tera-launcher.exe |
"UDP Query User{9418E6B5-E325-43DB-8D55-BE19E813E483}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{991D407B-E3A3-40EA-8895-E79886A87752}C:\Program Files (x86)\NCWest\nclauncher\ncupdatehelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"UDP Query User{A739BD44-BB05-4A27-A36B-8EADA71DB137}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{ACEF5873-F76F-479D-AB05-E4E55BB99722}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{B0CBCDF0-9491-4650-B7C4-0BF5C7F05457}C:\program files (x86)\stepmania 5\program\stepmania-sse2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stepmania 5\program\stepmania-sse2.exe |
"UDP Query User{B5C2CF49-635F-4FF2-B28B-768405383AA7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{B8217363-191E-4D7E-BEC0-D746DFB6E635}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe |
"UDP Query User{C40DB178-5B06-4A14-80E7-E5D2D38093B2}C:\users\admin\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{F2CEE7A7-4057-4966-9238-5C7A769AD990}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager
"{44AAA767-F540-F091-4571-ADCBC10B0C92}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{678A75C7-5953-B109-57EE-46C7BA4C29C1}" = AMD Drag and Drop Transcoding
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64
"{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders
"{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0
"{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding
"Blender" = Blender
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.10
"PremiumSoft Navicat Premium_is1" = PremiumSoft Navicat Premium 11.1
"Sublime Text 3_is1" = Sublime Text Build 3047
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}" = Lineage II
"{0CF7D22B-977C-43B2-9219-E03017FBAC6D}" = Nero Recode Help (CHM)
"{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center
"{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1D4FBA7F-5BE3-48B9-B82B-6E55FDA5BF74}" = Nero MediaHome
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{22300F72-8BFC-4BCA-881A-2D2234979FBB}_is1" = MurGee Auto Mouse Click 1.0
"{23664DA8-8872-4CF4-A2F2-327CC539823B}" = Lineage II
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{36DA8969-4DCD-48FF-894A-6BD3936050C3}" = Nero Blu-ray Player Help (CHM)
"{3AD3C0C2-65A2-45AE-BFAF-7879CFFF7DA8}" = Nero Disc to Device
"{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian
"{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA46F9F-174C-4766-9EA2-2325DF414B9E}" = Nero Express Help (CHM)
"{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard
"{5446D3AF-B060-49B6-9535-F300E1532022}" = Nero Video Help (CHM)
"{581DCE84-1948-4891-A4A7-A1222CC137C5}" = Nero RescueAgent
"{5909A89E-C97F-407C-AE2B-47BDED86BF5D}" = Prerequisite installer
"{5B1886C1-6EFA-4D07-95D3-8B84C743CC71}" = Nero Recode
"{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish
"{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6B84E528-9705-4D36-9C97-97B8E23DAB75}" = League of Legends
"{75CA8AAE-5346-4312-A9A8-5CF89955930F}" = Nero MediaHome Help (CHM)
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish
"{8DCD39C9-861A-4067-84FD-F9DEC7A79C10}" = Nero Device Updates
"{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese
"{8F68A9D9-F100-4E1D-8F73-95962BB2F503}" = FLV Toolbar v9.0
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90D83CB4-3692-458C-95D4-E60CC7E0B278}" = Latency Optimizer FREE VERSION
"{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional
"{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9893B338-1250-4511-A280-520B984F465C}_is1" = HammerMT2 Server 1 2014 version 2014
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AAC4108-B87E-4B68-B5EB-5629819F6398}" = Nero Blu-ray Player
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 2.0.5
"{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French
"{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian
"{A227B892-C548-4490-9C5D-DB341F8194A6}_is1" = Euro Truck Simulator 2 Multiplayer 0.1 Alpha
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC86EE3-425F-43B9-9A4F-4AA765B5A4FB}_is1" = AVI&WMV
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Czech
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{ADE7701B-D77C-4503-9CFC-ECF33C9290AA}_is1" = Minecraft 1.7.4. Downloader version for Windows
"{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B166374C-105E-445E-8E5D-A86CA5742645}" = Nero Burning Core
"{B791E0AB-87A9-41A4-8D98-D13C2E37D928}" = Nero Info
"{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian
"{B9AAB4EC-529D-4D79-861D-CABC1FD9C73E}" = Female Voice Pack
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian
"{C2A4BAE3-A4E9-4B01-B33D-EF68B976CA70}" = Nero Video
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C83F056D-E3D5-4308-B3ED-9FAFA8ACF821}_is1" = Auto Mouse Clicker v3.9
"{c9b07ea7-3bca-4f86-bc76-2674ab94f4d7}" = osu!
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{CCE68200-4ED0-3E0A-A7F2-504897E356AB}" = Google Talk Plugin
"{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C}" = Nero ControlCenter Help (CHM)
"{CFF19D4A-F26D-4C6C-8535-A7C9107C9027}" = Nero 2014
"{D5115C78-2D22-4668-A5E2-6C87DED3ED1B}" = Nero Launcher
"{E12E0F6C-2A96-49E1-8618-3E777EB79D30}" = HDDlife Pro 4.1
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E224D9E6-E4EC-4428-A0B4-FF1A250AB9F6}" = LaRoXionMT2
"{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch
"{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean
"{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese
"{ED7943A4-2FF0-4096-BBEA-DE3CC206E3D4}" = Nero Express
"{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish
"{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}" = Nero Burning ROM
"{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German
"{F69D4104-5394-4F7C-801C-D96DC92E7F69}" = Nero RescueAgent Help (CHM)
"{FA78CC15-9F90-443B-BA61-A66595F06432}" = Nero Burning ROM Help (CHM)
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 5.6.0.1)
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avast" = avast! Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battle.net" = Battle.net
"Battlelog Web Plugins" = Battlelog Web Plugins
"Clownfish" = Clownfish for Skype
"Cross Fire_is1" = Cross Fire En
"Elsword_EN_is1" = Elsword_EN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.8.1
"FLV Downloader 1.0_is1" = FLV Downloader 1.0
"Flvto Youtube Downloader" = Flvto Youtube Downloader
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"LaRoXionMT2 5.0.3.0" = LaRoXionMT2
"League of Legends 3.0.1" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"McTitan Pokemine" = McTitan Pokemine
"Minecraft1.7.9" = Minecraft1.7.9
"MOV to AVI MPEG WMV Converter_is1" = MOV to AVI MPEG WMV Converter 6.3.0206
"Mozilla Firefox 33.0.3 (x86 cs)" = Mozilla Firefox 33.0.3 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_NCWest" = NCSOFT Game Launcher
"Notepad++" = Notepad++
"Origin" = Origin
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"PuTTY_is1" = PuTTY version 0.63
"R29hdFNpbXVsYXRvcg==_is1" = Goat Simulator
"SpeedFan" = SpeedFan (remove only)
"Steam App 221100" = DayZ
"Steam App 227300" = Euro Truck Simulator 2
"Steam App 247830" = Aerena
"Steam App 301520" = Robocraft
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"StepMania 5" = StepMania v5.0 beta 2a (remove only)
"TeamViewer 9" = TeamViewer 9
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Warcraft III Reign of Chaos & The Frozen Throne" = Warcraft III Reign of Chaos & The Frozen Throne
"winscp3_is1" = WinSCP 5.5.3
"WinX Free AVI to WMV Converter_is1" = WinX Free AVI to WMV Converter 4.0.6
"WORD" = Microsoft Office Word 2007
"WOW Slider_is1" = WOW Slider
"xampp" = XAMPP

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-992597708-1987578634-1854157398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Counter-Strike 1.6_is1" = Counter-Strike 1.6 v42
"GameMaker-Studio13" = GameMaker-Studio 1.3
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4.11.2014 12:16:24 | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 6.20.0.104 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3c0 Start
Time: 01cff84a48085bd7 Termination Time: 10 Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report
Id: e3f74adb-643d-11e4-92c5-002215966e6e

Error - 4.11.2014 13:16:31 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Clownfish.exe, version: 3.0.6.0, time stamp:
0x542284ec Faulting module name: Clownfish.exe, version: 3.0.6.0, time stamp: 0x542284ec
Exception
code: 0xc0000417 Fault offset: 0x00086507 Faulting process id: 0x1340 Faulting application
start time: 0x01cff8514fd78498 Faulting application path: C:\Program Files (x86)\Clownfish\Clownfish.exe
Faulting
module path: C:\Program Files (x86)\Clownfish\Clownfish.exe Report Id: 515f0786-6446-11e4-92c5-002215966e6e

Error - 5.11.2014 10:32:52 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. C:\ProgramData\BlueStacks\Android\kernel.elf.signature doesn't exist
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 6.11.2014 12:36:51 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Clownfish.exe, version: 3.0.6.0, time stamp:
0x542284ec Faulting module name: Clownfish.exe, version: 3.0.6.0, time stamp: 0x542284ec
Exception
code: 0xc0000417 Fault offset: 0x00086507 Faulting process id: 0x2228 Faulting application
start time: 0x01cff9384baf1501 Faulting application path: C:\Program Files (x86)\Clownfish\Clownfish.exe
Faulting
module path: C:\Program Files (x86)\Clownfish\Clownfish.exe Report Id: 1b7bb595-65d3-11e4-b7de-002215966e6e

Error - 6.11.2014 15:17:15 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Clownfish.exe, version: 3.0.6.0, time stamp:
0x542284ec Faulting module name: Clownfish.exe, version: 3.0.6.0, time stamp: 0x542284ec
Exception
code: 0xc0000417 Fault offset: 0x00086507 Faulting process id: 0x2624 Faulting application
start time: 0x01cff9e03c27869d Faulting application path: C:\Program Files (x86)\Clownfish\Clownfish.exe
Faulting
module path: C:\Program Files (x86)\Clownfish\Clownfish.exe Report Id: 841fd615-65e9-11e4-b7de-002215966e6e

Error - 7.11.2014 10:29:04 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. C:\ProgramData\BlueStacks\Android\kernel.elf.signature doesn't exist
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 7.11.2014 10:41:50 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Clownfish.exe, version: 3.0.6.0, time stamp:
0x542284ec Faulting module name: Clownfish.exe, version: 3.0.6.0, time stamp: 0x542284ec
Exception
code: 0xc0000417 Fault offset: 0x00086507 Faulting process id: 0x928 Faulting application
start time: 0x01cffa971685e45c Faulting application path: C:\Program Files (x86)\Clownfish\Clownfish.exe
Faulting
module path: C:\Program Files (x86)\Clownfish\Clownfish.exe Report Id: 34883462-668c-11e4-9ea7-002215966e6e

Error - 7.11.2014 20:53:43 | Computer Name = admin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\admin\Downloads\esetsmartinstaller_csy.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 8.11.2014 8:27:51 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. C:\ProgramData\BlueStacks\Android\kernel.elf.signature doesn't exist
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 8.11.2014 11:00:28 | Computer Name = admin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\admin\Downloads\esetsmartinstaller_csy.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 8.11.2014 11:05:27 | Computer Name = admin-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
service. C:\ProgramData\BlueStacks\Android\kernel.elf.signature doesn't exist
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

[ System Events ]
Error - 12.9.2014 15:05:06 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053

Error - 13.9.2014 11:58:22 | Computer Name = admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:50:27 on ?13.?9.?2014 was unexpected.

Error - 13.9.2014 11:59:15 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the LogMeIn
Hamachi Tunneling Engine service to connect.

Error - 13.9.2014 11:59:15 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053

Error - 13.9.2014 11:59:42 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064

Error - 13.9.2014 17:31:57 | Computer Name = admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:30:09 on ?13.?9.?2014 was unexpected.

Error - 13.9.2014 17:32:03 | Computer Name = ADMIN-PC | Source = BugCheck | ID = 1001
Description =

Error - 13.9.2014 17:32:42 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 13.9.2014 17:32:42 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 13.9.2014 17:33:21 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064


< End of report >

altrok
Moderator
Posts: 7315
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: downloader.exe

#11 Post by altrok »

:arrow: Before I write up further instructions, install SP1, IE 11 and all other important Windows updates.

Paysami
Visitor
Posts: 29
Registered: 28 Jul 2014 13:09

Re: downloader.exe

#12 Post by Paysami »

Oh, well, then I guess I'm done ;w;

altrok
Moderator
Posts: 7315
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: downloader.exe

#13 Post by altrok »

:arrow: Now I don't understand why that should be a problem...

:arrow: The question of system updates is absolutely fundamental, because there is no point in cleaning an unpatched system: http://forum.viry.cz/viewtopic.php?f=29 ... 6#p1353406

Paysami
Visitor
Posts: 29
Registered: 28 Jul 2014 13:09

Re: downloader.exe

#14 Post by Paysami »

The person who built this PC for me... I don't really expect that he put a legal OS on it. So then it mustn't be updated, right?

altrok
Moderator
Posts: 7315
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: downloader.exe

#15 Post by altrok »

:arrow: Hard to say, I was never trained to work with illegal systems...

:arrow: In that case, unfortunately, the forum rules, which both you and I are obliged to follow, do not allow me to continue.

Locked