Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Facebook a youtube nefunguje
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Facebook a youtube nefunguje
Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Facebook a youtube nefunguje
nechce mi ten program aktualizovat. uz som to skusala trikrat a stale mi naskoci ze program nereaguje.
Re: Facebook a youtube nefunguje
skusila som ten program nainstalovat este raz, ale stale pri tej aktualizacii mi to zamrzne. Neviem, mozno robim nieco zle, alebo nie je s internetom nieco vporiadku. 
Re: Facebook a youtube nefunguje
Zkuste restartovat pc a najet do nouzoveho rezimu s praci v siti. V nem zkuste aktualizovat a spustit test. pokud to nepujde, dejte vedet, pritvrdime.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Facebook a youtube nefunguje
bohuzial bez zmeny...robi presne to iste co aj v normalnom rezime.. neodpoveda.
Re: Facebook a youtube nefunguje
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Facebook a youtube nefunguje
medzitym som to skusila este raz a ide to 
uz to kontroluje ten program Malwarebytes. Takze asi pockam co to spravi.
uz to kontroluje ten program Malwarebytes. Takze asi pockam co to spravi.Re: Facebook a youtube nefunguje
Ano, pokud to bezi, nechte ho pracovat 
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Facebook a youtube nefunguje
Mimochodom, skusala som FB a uz funguje 
nechapem tomu. Kazdopadne ten program stale kontroluje a naslo nejake zle objekty. Pockam kym to dokonci a poslem vam ten log. Chcem mat PC ako tak vporiadku. Budete tu zajtra poobede?
nechapem tomu. Kazdopadne ten program stale kontroluje a naslo nejake zle objekty. Pockam kym to dokonci a poslem vam ten log. Chcem mat PC ako tak vporiadku. Budete tu zajtra poobede?Re: Facebook a youtube nefunguje
Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org
Verzia databázy: v2013.04.04.07
Windows 7 Service Pack 1 x64 NTFS (Núdzoví režim/Sieť)
Internet Explorer 11.0.9600.16518
ASUS :: ASUS-PC [administrátor]
Ochrana: Vypnuté
7. 3. 2014 23:35:56
MBAM-log-2014-03-08 (00-26-13).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 417130
Uplynutý čas: 49 min, 29 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotClip (PUP.Adware.Gotclip.ScamLotto) -> Žiadna úloha nevykonaná.
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 4
C:\Program Files (x86)\GotClip\Uninstall.exe (PUP.Adware.Gotclip.ScamLotto) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\AppData\Local\Temp\wh_cc.exe (PUP.WebHancer) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\Downloads\May04-Picture14.JPG_www.facebook.com.zip (Backdoor.Bot) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\Downloads\Vio_Player_Setup.exe (PUP.BundleInstaller.VIO) -> Žiadna úloha nevykonaná.
(koniec)
www.malwarebytes.org
Verzia databázy: v2013.04.04.07
Windows 7 Service Pack 1 x64 NTFS (Núdzoví režim/Sieť)
Internet Explorer 11.0.9600.16518
ASUS :: ASUS-PC [administrátor]
Ochrana: Vypnuté
7. 3. 2014 23:35:56
MBAM-log-2014-03-08 (00-26-13).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 417130
Uplynutý čas: 49 min, 29 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotClip (PUP.Adware.Gotclip.ScamLotto) -> Žiadna úloha nevykonaná.
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 4
C:\Program Files (x86)\GotClip\Uninstall.exe (PUP.Adware.Gotclip.ScamLotto) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\AppData\Local\Temp\wh_cc.exe (PUP.WebHancer) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\Downloads\May04-Picture14.JPG_www.facebook.com.zip (Backdoor.Bot) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\Downloads\Vio_Player_Setup.exe (PUP.BundleInstaller.VIO) -> Žiadna úloha nevykonaná.
(koniec)
Re: Facebook a youtube nefunguje
Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org
Verzia databázy: v2013.04.04.07
Windows 7 Service Pack 1 x64 NTFS (Núdzoví režim/Sieť)
Internet Explorer 11.0.9600.16518
ASUS :: ASUS-PC [administrátor]
Ochrana: Vypnuté
7. 3. 2014 23:35:56
MBAM-log-2014-03-08 (00-26-13).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 417130
Uplynutý čas: 49 min, 29 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotClip (PUP.Adware.Gotclip.ScamLotto) -> Žiadna úloha nevykonaná.
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 4
C:\Program Files (x86)\GotClip\Uninstall.exe (PUP.Adware.Gotclip.ScamLotto) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\AppData\Local\Temp\wh_cc.exe (PUP.WebHancer) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\Downloads\May04-Picture14.JPG_www.facebook.com.zip (Backdoor.Bot) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\Downloads\Vio_Player_Setup.exe (PUP.BundleInstaller.VIO) -> Žiadna úloha nevykonaná.
(koniec)
www.malwarebytes.org
Verzia databázy: v2013.04.04.07
Windows 7 Service Pack 1 x64 NTFS (Núdzoví režim/Sieť)
Internet Explorer 11.0.9600.16518
ASUS :: ASUS-PC [administrátor]
Ochrana: Vypnuté
7. 3. 2014 23:35:56
MBAM-log-2014-03-08 (00-26-13).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 417130
Uplynutý čas: 49 min, 29 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotClip (PUP.Adware.Gotclip.ScamLotto) -> Žiadna úloha nevykonaná.
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 4
C:\Program Files (x86)\GotClip\Uninstall.exe (PUP.Adware.Gotclip.ScamLotto) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\AppData\Local\Temp\wh_cc.exe (PUP.WebHancer) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\Downloads\May04-Picture14.JPG_www.facebook.com.zip (Backdoor.Bot) -> Žiadna úloha nevykonaná.
C:\Users\ASUS\Downloads\Vio_Player_Setup.exe (PUP.BundleInstaller.VIO) -> Žiadna úloha nevykonaná.
(koniec)
Re: Facebook a youtube nefunguje
youtube stale neide.
Re: Facebook a youtube nefunguje
Vsechny nalezy nechte odstranit. Zustante v nouzovem rezimu s praci v siti a pouzijte ComboFix Zitra odpoledne doma (tedy u pc) nebudu. Bud dopoledne, nebo pak zase az vecer.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Facebook a youtube nefunguje
Zdravim
urobila som vsetko ako ste pisali... a tu je log, kt. vypľulo
urobila som vsetko ako ste pisali... a tu je log, kt. vypľulo
Re: Facebook a youtube nefunguje
ComboFix 14-03-05.01 - ASUS . 03. 2014 21:37:54.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3885.2531 [GMT 1:00]
Running from: c:\users\ASUS\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\58303954424f73f2
c:\programdata\58303954424f73f2\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
c:\programdata\58303954424f73f2\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old
c:\programdata\58303954424f73f2\{547488D7-023D-9784-93BC-8699F58BCC4B}
c:\programdata\58303954424f73f2\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
c:\programdata\58303954424f73f2\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
c:\programdata\58303954424f73f2\{CA41BB14-E67B-1653-C57B-5CA99418A866}
c:\programdata\58303954424f73f2\{CA41BB14-E67B-1653-C57B-5CA99418A866}.old
c:\programdata\58303954424f73f2\{E32743D3-5789-6E4F-3998-06FB87C9214B}
c:\programdata\58303954424f73f2\8c84dcdc46445dd64c11ae4777c50564.ini
c:\programdata\58303954424f73f2\c639ec01ae8d99a94c11ae4777c50564.ini
c:\programdata\814
c:\programdata\814\{899DCEDD-52BF-4B53-B5DE-28205D72CCDB}.swf
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\tNspVmLqVz.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\jlk.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\uk5RWcL5Y.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\LzD7LHzRpp3.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\f4R.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\manifest.json
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{15F57D1B-7086-4C1A-B58E-AEFFAABBC42B}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2902365E-D26A-409D-B606-6CA648386F80}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{94FA9160-FA2D-4DBD-8658-C22FA1724A82}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D95A4AA-49FE-4072-9B6B-0414DDCE15F5}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AED6B9A8-44AE-4963-AC0D-36693966F01A}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EC5CC474-97D2-4152-8C07-E0BD381F9C85}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F376C14C-E3D9-4DC6-BB52-536437CBDD42}.xps
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\tNspVmLqVz.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\jlk.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\uk5RWcL5Y.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\LzD7LHzRpp3.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\f4R.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\tNspVmLqVz.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\icon48.png
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\jlk.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\uk5RWcL5Y.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\LzD7LHzRpp3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\f4R.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\tNspVmLqVz.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\icon48.png
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\jlk.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\newtab.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\uk5RWcL5Y.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\LzD7LHzRpp3.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\f4R.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\manifest.json
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-02-08 to 2014-03-08 )))))))))))))))))))))))))))))))
.
.
2014-03-08 20:46 . 2014-03-08 20:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-08 20:46 . 2014-03-08 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-07 21:45 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-07 21:45 . 2014-03-07 21:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-07 21:14 . 2014-03-07 21:14 -------- d-----w- c:\users\ASUS\AppData\Roaming\Malwarebytes
2014-03-07 21:14 . 2014-03-07 21:14 -------- d-----w- c:\programdata\Malwarebytes
2014-03-07 19:51 . 2014-03-07 20:01 -------- d-----w- C:\AdwCleaner
2014-03-07 19:36 . 2014-03-07 19:36 -------- d-----w- c:\program files\trend micro
2014-03-07 19:36 . 2014-03-07 19:37 -------- d-----w- C:\rsit
2014-03-07 17:39 . 2014-03-07 17:39 -------- d-----w- c:\program files (x86)\AdBloocknWatch
2014-03-05 22:08 . 2014-02-20 18:27 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C67C581-2FD1-457D-8605-BE6FCF19E95E}\gapaengine.dll
2014-03-05 22:07 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFE97FBB-158E-4E8C-8FE1-36BA5F7E86D5}\mpengine.dll
2014-03-04 07:17 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-03 09:42 . 2014-03-03 09:42 -------- d-----w- c:\users\ASUS\AppData\Local\Skype
2014-03-03 09:41 . 2014-03-03 09:41 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-02-28 18:25 . 2014-02-28 18:26 -------- d-----w- c:\programdata\RiandoomPRIccea
2014-02-26 00:17 . 2014-02-26 00:17 -------- d-----w- c:\windows\Migration
2014-02-13 23:45 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 23:45 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 21:16 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 21:16 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-13 21:16 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 21:16 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-13 21:14 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 21:14 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 21:14 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-13 21:14 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 18:27 . 2012-11-28 21:25 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-17 23:43 . 2011-02-13 18:45 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2011-02-09 16:35 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{33A673EA-6A8A-C050-8FB5-02FBC27E55D3}]
2014-02-28 18:25 425984 ----a-w- c:\programdata\RiandoomPRIccea\1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Bonus.SSR.FR11"="d:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-06 934152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-31 295072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-2-2 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;d:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe;d:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [x]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 e81a9dc1;GS-Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-07 17:51 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2912947941-187621372-755929185-1001Core.job
- c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 08:51]
.
2014-03-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2912947941-187621372-755929185-1001UA.job
- c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 08:51]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 17:48]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 17:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33A673EA-6A8A-C050-8FB5-02FBC27E55D3}]
2014-02-28 18:25 475136 ----a-w- c:\programdata\RiandoomPRIccea\1.x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-27 17412200]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{AD47D2F5-6A2A-A532-138E-3494A450605E} - c:\program files (x86)\SNT\uv7J6UP.dll
BHO-{DE4FB389-F1FC-E2EF-46C6-2681F9438190} - c:\programdata\SaveAs\50f0858929f58.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{AD47D2F5-6A2A-A532-138E-3494A450605E} - c:\program files (x86)\SNT\uv7J6UP.x64.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-10prstami5 - d:\portret\DesiatimiPrstami\pmqUnInstall.exe
AddRemove-Freecorder5.11 - c:\program files (x86)\Freecorder\uninstall.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-S-1622525965 - c:\programdata\softwarehouse\gs-enabler\gs-enabler.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{e81a9dc1} - c:\progra~2\GS-ENA~1\ASSIST~1.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-08 21:49:55
ComboFix-quarantined-files.txt 2014-03-08 20:49
.
Pre-Run: 38 217 342 976 bytes free
Post-Run: 40 988 557 312 bytes free
.
- - End Of File - - A85723C62DC732B0CD2DCFAEA23866A3
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3885.2531 [GMT 1:00]
Running from: c:\users\ASUS\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\58303954424f73f2
c:\programdata\58303954424f73f2\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
c:\programdata\58303954424f73f2\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old
c:\programdata\58303954424f73f2\{547488D7-023D-9784-93BC-8699F58BCC4B}
c:\programdata\58303954424f73f2\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
c:\programdata\58303954424f73f2\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
c:\programdata\58303954424f73f2\{CA41BB14-E67B-1653-C57B-5CA99418A866}
c:\programdata\58303954424f73f2\{CA41BB14-E67B-1653-C57B-5CA99418A866}.old
c:\programdata\58303954424f73f2\{E32743D3-5789-6E4F-3998-06FB87C9214B}
c:\programdata\58303954424f73f2\8c84dcdc46445dd64c11ae4777c50564.ini
c:\programdata\58303954424f73f2\c639ec01ae8d99a94c11ae4777c50564.ini
c:\programdata\814
c:\programdata\814\{899DCEDD-52BF-4B53-B5DE-28205D72CCDB}.swf
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\tNspVmLqVz.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\jlk.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\uk5RWcL5Y.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\LzD7LHzRpp3.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\f4R.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\manifest.json
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{15F57D1B-7086-4C1A-B58E-AEFFAABBC42B}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2902365E-D26A-409D-B606-6CA648386F80}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{94FA9160-FA2D-4DBD-8658-C22FA1724A82}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D95A4AA-49FE-4072-9B6B-0414DDCE15F5}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AED6B9A8-44AE-4963-AC0D-36693966F01A}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EC5CC474-97D2-4152-8C07-E0BD381F9C85}.xps
c:\users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F376C14C-E3D9-4DC6-BB52-536437CBDD42}.xps
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\tNspVmLqVz.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\jlk.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\uk5RWcL5Y.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\LzD7LHzRpp3.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\f4R.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\tNspVmLqVz.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\icon48.png
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\jlk.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\uk5RWcL5Y.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\LzD7LHzRpp3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\f4R.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecmpfliibfeoabhhkclbnjkpehmelfh\1.0\tNspVmLqVz.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\icon48.png
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\jlk.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifapambmelpedkbooknjojffkfeficld\1.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\newtab.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecjhjnopgofoinlknopcjihdkdhbbde\2.1\uk5RWcL5Y.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\LzD7LHzRpp3.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\134\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\f4R.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbhbdcapldopmdipdidocklnbnlgnd\2.7\manifest.json
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-02-08 to 2014-03-08 )))))))))))))))))))))))))))))))
.
.
2014-03-08 20:46 . 2014-03-08 20:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-08 20:46 . 2014-03-08 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-07 21:45 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-07 21:45 . 2014-03-07 21:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-07 21:14 . 2014-03-07 21:14 -------- d-----w- c:\users\ASUS\AppData\Roaming\Malwarebytes
2014-03-07 21:14 . 2014-03-07 21:14 -------- d-----w- c:\programdata\Malwarebytes
2014-03-07 19:51 . 2014-03-07 20:01 -------- d-----w- C:\AdwCleaner
2014-03-07 19:36 . 2014-03-07 19:36 -------- d-----w- c:\program files\trend micro
2014-03-07 19:36 . 2014-03-07 19:37 -------- d-----w- C:\rsit
2014-03-07 17:39 . 2014-03-07 17:39 -------- d-----w- c:\program files (x86)\AdBloocknWatch
2014-03-05 22:08 . 2014-02-20 18:27 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C67C581-2FD1-457D-8605-BE6FCF19E95E}\gapaengine.dll
2014-03-05 22:07 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFE97FBB-158E-4E8C-8FE1-36BA5F7E86D5}\mpengine.dll
2014-03-04 07:17 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-03 09:42 . 2014-03-03 09:42 -------- d-----w- c:\users\ASUS\AppData\Local\Skype
2014-03-03 09:41 . 2014-03-03 09:41 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-02-28 18:25 . 2014-02-28 18:26 -------- d-----w- c:\programdata\RiandoomPRIccea
2014-02-26 00:17 . 2014-02-26 00:17 -------- d-----w- c:\windows\Migration
2014-02-13 23:45 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 23:45 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 21:16 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 21:16 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-13 21:16 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 21:16 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-13 21:14 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 21:14 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 21:14 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-13 21:14 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 18:27 . 2012-11-28 21:25 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-17 23:43 . 2011-02-13 18:45 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2011-02-09 16:35 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{33A673EA-6A8A-C050-8FB5-02FBC27E55D3}]
2014-02-28 18:25 425984 ----a-w- c:\programdata\RiandoomPRIccea\1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Bonus.SSR.FR11"="d:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-06 934152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-31 295072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-2-2 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;d:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe;d:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [x]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 e81a9dc1;GS-Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-07 17:51 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2912947941-187621372-755929185-1001Core.job
- c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 08:51]
.
2014-03-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2912947941-187621372-755929185-1001UA.job
- c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 08:51]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 17:48]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 17:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33A673EA-6A8A-C050-8FB5-02FBC27E55D3}]
2014-02-28 18:25 475136 ----a-w- c:\programdata\RiandoomPRIccea\1.x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-27 17412200]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{AD47D2F5-6A2A-A532-138E-3494A450605E} - c:\program files (x86)\SNT\uv7J6UP.dll
BHO-{DE4FB389-F1FC-E2EF-46C6-2681F9438190} - c:\programdata\SaveAs\50f0858929f58.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{AD47D2F5-6A2A-A532-138E-3494A450605E} - c:\program files (x86)\SNT\uv7J6UP.x64.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-10prstami5 - d:\portret\DesiatimiPrstami\pmqUnInstall.exe
AddRemove-Freecorder5.11 - c:\program files (x86)\Freecorder\uninstall.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-S-1622525965 - c:\programdata\softwarehouse\gs-enabler\gs-enabler.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{e81a9dc1} - c:\progra~2\GS-ENA~1\ASSIST~1.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-08 21:49:55
ComboFix-quarantined-files.txt 2014-03-08 20:49
.
Pre-Run: 38 217 342 976 bytes free
Post-Run: 40 988 557 312 bytes free
.
- - End Of File - - A85723C62DC732B0CD2DCFAEA23866A3
Přispějete na provoz fóra?