
bitcoiner virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 46
- Registered: 10 Apr 2011 08:41
bitcoiner virus
Greetings to everyone in this hellish heat.
I use Microsoft Essential, and during a regular scan it found and removed some bitcoin miner virus. Since then, as soon as I stop working with the PC for a minute, the graphics card runs up to one hundred percent, as in an OCCT test; as soon as I move the mouse, it stops. I also tried the ESET online scanner, which found something as well, but there is nothing in quarantine and it did not even produce a log; the same with Malwarebytes.
I would be very grateful for advice; I have an R6970 Lightning, and its power draw at full load is well over 400 W.
Thank you in advance.
- Rudy
- Site Admin
- Posts: 119528
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: bitcoiner virus
Greetings to you too!
I am curious what the R6970 Lightning (which is a graphics card) has to do with the bitcoiner virus?
Post an RSIT log: http://forum.viry.cz/viewtopic.php?f=24&t=130784 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Visitor
- Posts: 46
- Registered: 10 Apr 2011 08:41
Re: bitcoiner virus
Thank you for your time.
I don't know either, but ESET and Malwarebytes found nothing else, and as I wrote, the GPU load goes to maximum as soon as I don't move the mouse for a minute. I read somewhere on the net that a PC infected this way "mines" something for someone, etc. (I can't make sense of it).
Anyway, thanks for your time; I am attaching the RSIT output.
Logfile of random's system information tool 1.08 (written by random/random)
Run by dominik at 2013-08-05 18:18:42
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 45 GB (45%) free of 100 GB
Total RAM: 8191 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:44, on 5.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\trend micro\dominik.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\dominik\AppData\Local\Temp\\tsiVi032.dll,start
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: c:\progra~2\savesh~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6263 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Winstep\WsxService"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\wbem\WmiApSrv.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
WLIDSvcM.exe 2132
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
mfpmp.exe /cbfbb9fadf578291_39972b0/PMPServer {11B497F4-D34F-49BC-850A-D4948ED30514} 972 131184 =C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp=C:\ProgramData
"taskhost.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"D:\stahování z internetu\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-06-28 13631704]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 1356240]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"Nexus"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]
""= []
"tsiVideo"=C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-06-25 1073352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update 5]
C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [2012-01-30 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2013-04-19 1090912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super-Charger]
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [2013-03-08 506864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
""= []
"Super-Charger"=C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [2013-03-08 506864]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-03-28 642656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2013-08-05 18:14:15 ----D---- C:\Program Files\trend micro
2013-08-05 18:14:14 ----D---- C:\rsit
2013-08-05 12:29:32 ----D---- C:\Program Files (x86)\ESET
2013-08-05 04:41:46 ----D---- C:\Users\dominik\AppData\Roaming\Malwarebytes
2013-08-05 04:41:36 ----D---- C:\ProgramData\Malwarebytes
2013-08-04 23:23:06 ----A---- C:\Windows\SYSWOW64\SYNSOEMU.DLL
2013-08-04 15:04:42 ----A---- C:\Windows\system32\CRACKNEX.dll
2013-08-04 12:51:45 ----D---- C:\ProgramData\StarApp
2013-08-04 12:51:42 ----D---- C:\Program Files (x86)\WebSearch
2013-08-04 12:51:22 ----D---- C:\Program Files (x86)\SaveShare
2013-07-30 23:21:51 ----D---- C:\Program Files\Image-Line
2013-07-30 23:21:37 ----D---- C:\Users\dominik\AppData\Roaming\FlowStone
2013-07-30 23:21:37 ----D---- C:\Program Files (x86)\DSPRobotics
2013-07-30 10:41:33 ----D---- C:\Users\dominik\AppData\Roaming\Media Player Classic
2013-07-28 14:02:15 ----D---- C:\Program Files (x86)\AMD APP
2013-07-28 14:00:43 ----A---- C:\Windows\system32\RtNicProp64.dll
2013-07-28 14:00:43 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2013-07-28 13:59:45 ----A---- C:\Windows\system32\WavesGUILib64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\tossaeapo64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\toseaeapo64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\tosasfapo64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\sltech64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\slprp64.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\slcnt64.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\sl3apo64.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\SFSS_APO.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\RtPgEx64.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\RTKSMSettingsIPC.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\RTKSMlfx.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RtkAPO64.dll
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RtkApi64.dll
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RtDataProc64.dll
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RTCOM64.dll
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RCoInstII64.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MISS_APO.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MaxxVoiceAPO2064.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MaxxAudioVnN64.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MaxxAudioVnA64.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MaxxAudioRealtek64.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioRealtek264.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioEQ64.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioAPO5064.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioAPO4064.dll
2013-07-28 13:59:39 ----A---- C:\Windows\system32\FMAPO64.dll
2013-07-28 13:59:39 ----A---- C:\Windows\system32\AERTAC64.dll
2013-07-28 13:59:39 ----A---- C:\Windows\system32\AcpiServiceVnA64.dll
2013-07-28 13:40:45 ----D---- C:\ProgramData\ATI
2013-07-28 13:39:16 ----D---- C:\Program Files (x86)\AMD AVT
2013-07-28 13:38:15 ----D---- C:\Program Files\Common Files\ATI Technologies
2013-07-28 13:38:12 ----D---- C:\Program Files (x86)\ATI Technologies
2013-07-28 13:38:10 ----D---- C:\Program Files\ATI
2013-07-28 13:37:43 ----D---- C:\Program Files\ATI Technologies
2013-07-28 13:37:06 ----D---- C:\AMD
2013-07-28 08:32:17 ----SHD---- C:\ProgramData\SecuROM
2013-07-27 21:30:00 ----D---- C:\Windows\SYSWOW64\xlive
2013-07-27 21:29:59 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-27 17:57:08 ----D---- C:\Users\dominik\AppData\Roaming\Canneverbe Limited
2013-07-27 17:57:08 ----D---- C:\ProgramData\Canneverbe Limited
2013-07-27 12:39:28 ----RHD---- C:\Users\dominik\AppData\Roaming\SecuROM
2013-07-27 11:41:01 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2013-07-25 14:33:02 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-07-21 12:26:49 ----D---- C:\CIMTEMP
2013-07-21 08:35:31 ----D---- C:\Users\dominik\AppData\Roaming\BANDISOFT
2013-07-21 08:35:20 ----D---- C:\Program Files (x86)\BandiMPEG1
2013-07-16 04:39:49 ----D---- C:\Windows\system32\MRT
2013-07-15 11:25:13 ----D---- C:\Program Files (x86)\GPU-Z
2013-07-14 09:08:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-07-10 23:33:58 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-07-10 23:33:58 ----A---- C:\Windows\system32\ieui.dll
2013-07-10 23:33:57 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-07-10 23:33:57 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-07-10 23:33:57 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-07-10 23:33:57 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-07-10 23:33:57 ----A---- C:\Windows\system32\iesetup.dll
2013-07-10 23:33:57 ----A---- C:\Windows\system32\iernonce.dll
2013-07-10 23:33:57 ----A---- C:\Windows\system32\ie4uinit.exe
2013-07-10 23:33:56 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-07-10 23:33:56 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 23:33:56 ----A---- C:\Windows\system32\iesysprep.dll
2013-07-10 23:33:56 ----A---- C:\Windows\system32\iertutil.dll
2013-07-10 23:33:55 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-07-10 23:33:55 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-07-10 23:33:55 ----A---- C:\Windows\system32\msfeeds.dll
2013-07-10 23:33:55 ----A---- C:\Windows\system32\jscript.dll
2013-07-10 23:33:54 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-07-10 23:33:54 ----A---- C:\Windows\system32\jscript9.dll
2013-07-10 23:33:53 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-07-10 23:33:53 ----A---- C:\Windows\system32\urlmon.dll
2013-07-10 23:33:52 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-07-10 23:33:52 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-07-10 23:33:52 ----A---- C:\Windows\system32\wininet.dll
2013-07-10 23:33:52 ----A---- C:\Windows\system32\jsproxy.dll
2013-07-10 23:33:51 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-07-10 23:33:50 ----A---- C:\Windows\system32\ieframe.dll
2013-07-10 23:33:49 ----A---- C:\Windows\system32\mshtml.dll
2013-07-10 23:33:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-07-10 13:10:56 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-07-10 13:10:56 ----A---- C:\Windows\SYSWOW64\qedit.dll
2013-07-10 13:10:56 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-07-10 13:10:56 ----A---- C:\Windows\system32\qedit.dll
2013-07-10 13:10:53 ----A---- C:\Windows\system32\win32k.sys
2013-07-10 13:10:45 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-07-10 13:10:45 ----A---- C:\Windows\system32\DWrite.dll
======List of files/folders modified in the last 1 months======
2013-08-05 18:18:21 ----D---- C:\Windows\Prefetch
2013-08-05 18:17:04 ----D---- C:\Windows\Temp
2013-08-05 18:14:15 ----RD---- C:\Program Files
2013-08-05 16:00:57 ----D---- C:\Windows\system32\config
2013-08-05 15:35:44 ----D---- C:\Windows\SysWOW64
2013-08-05 14:20:00 ----D---- C:\Windows
2013-08-05 12:29:32 ----RD---- C:\Program Files (x86)
2013-08-05 04:50:41 ----D---- C:\Windows\system32\drivers
2013-08-05 04:48:02 ----HD---- C:\ProgramData
2013-08-05 03:49:56 ----D---- C:\Program Files (x86)\Common Files
2013-08-05 00:21:46 ----D---- C:\Users\dominik\AppData\Roaming\DAEMON Tools Lite
2013-08-05 00:21:42 ----D---- C:\Windows\inf
2013-08-05 00:21:40 ----D---- C:\Windows\Logs
2013-08-04 16:24:32 ----A---- C:\Windows\netdet.ini
2013-08-04 15:06:56 ----D---- C:\Windows\system32\Tasks
2013-08-04 15:04:42 ----D---- C:\Windows\System32
2013-08-04 12:51:45 ----D---- C:\ProgramData\InstallMate
2013-08-04 11:43:25 ----D---- C:\Program Files (x86)\Drakensang Online
2013-08-03 21:53:01 ----SD---- C:\Users\dominik\AppData\Roaming\Microsoft
2013-08-03 18:09:53 ----SHD---- C:\System Volume Information
2013-07-30 23:21:50 ----D---- C:\Program Files (x86)\Image-Line
2013-07-30 22:50:19 ----SHD---- C:\Windows\Installer
2013-07-28 20:28:11 ----D---- C:\Windows\system32\NDF
2013-07-28 14:02:13 ----D---- C:\Windows\system32\catroot
2013-07-28 14:01:11 ----D---- C:\Windows\system32\DriverStore
2013-07-28 14:00:43 ----D---- C:\Program Files (x86)\Realtek
2013-07-28 14:00:23 ----HD---- C:\Program Files (x86)\Temp
2013-07-28 14:00:12 ----D---- C:\Windows\SYSWOW64\RTCOM
2013-07-28 14:00:07 ----D---- C:\Windows\system32\catroot2
2013-07-28 13:40:45 ----D---- C:\Users\dominik\AppData\Roaming\ATI
2013-07-28 13:39:17 ----D---- C:\ProgramData\AMD
2013-07-28 13:38:15 ----D---- C:\Program Files\Common Files
2013-07-28 13:22:51 ----DC---- C:\Windows\system32\DRVSTORE
2013-07-28 13:22:49 ----D---- C:\Windows\Microsoft.NET
2013-07-28 08:29:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-07-27 22:29:02 ----RSD---- C:\Windows\assembly
2013-07-27 22:20:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-07-27 11:53:59 ----ASD---- C:\ProgramData\Microsoft
2013-07-27 11:40:49 ----D---- C:\Windows\winsxs
2013-07-26 19:22:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-25 14:32:05 ----D---- C:\Windows\SYSWOW64\en-US
2013-07-25 14:32:05 ----D---- C:\Windows\system32\en-US
2013-07-25 13:17:05 ----HD---- C:\SuperChargerProfile
2013-07-21 10:43:08 ----D---- C:\Program Files (x86)\MSI
2013-07-16 04:54:54 ----D---- C:\Windows\debug
2013-07-16 04:47:09 ----D---- C:\Program Files\Microsoft Security Client
2013-07-16 04:47:02 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-07-16 04:17:50 ----D---- C:\Windows\SYSWOW64\directx
2013-07-16 04:12:20 ----D---- C:\Windows\Panther
2013-07-11 12:52:42 ----D---- C:\Program Files\Windows Defender
2013-07-11 12:52:42 ----D---- C:\Program Files (x86)\Windows Defender
2013-07-11 12:52:42 ----D---- C:\Program Files (x86)\Internet Explorer
2013-07-11 12:52:41 ----D---- C:\Program Files\Internet Explorer
2013-07-11 12:52:40 ----D---- C:\Program Files\Windows Journal
2013-07-11 12:52:35 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-11 12:52:35 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 15:21:38 ----D---- C:\Program Files (x86)\Tiler
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-17 16440]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-05-04 564824]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-22 283200]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616]
R3 ALSysIO;ALSysIO; \??\C:\Users\dominik\AppData\Local\Temp\ALSysIO64.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-29 11658752]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-03-29 581120]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-02-14 96768]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-07-02 3472600]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-04-10 849992]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
S2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S3 afg0otw7;afg0otw7; C:\Windows\system32\drivers\afg0otw7.sys []
S3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-10-25 13368]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-03-29 241152]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-28 361984]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 23808]
R2 Winstep Xtreme Service;Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService []
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-06-20 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-30 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-26 117144]
S4 MSI_SuperCharger;MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-02-20 161264]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
-----------------EOF-----------------
I don't know either, but neither ESET nor Malwarebytes found anything else, and as I wrote, the GPU load goes to max as soon as I don't move the mouse for a minute. I read somewhere on the net that a PC infected like this "mines" something for someone, etc. (I can't make sense of it).
Anyway, thanks for your time; I'm attaching the RSIT output.
Logfile of random's system information tool 1.08 (written by random/random)
Run by dominik at 2013-08-05 18:18:42
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 45 GB (45%) free of 100 GB
Total RAM: 8191 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:44, on 5.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\trend micro\dominik.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\dominik\AppData\Local\Temp\\tsiVi032.dll,start
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: c:\progra~2\savesh~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6263 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Winstep\WsxService"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\wbem\WmiApSrv.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
WLIDSvcM.exe 2132
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
mfpmp.exe /cbfbb9fadf578291_39972b0/PMPServer {11B497F4-D34F-49BC-850A-D4948ED30514} 972 131184 =C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp=C:\ProgramData
"taskhost.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"D:\stahování z internetu\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-06-28 13631704]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 1356240]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"Nexus"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]
""= []
"tsiVideo"=C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-06-25 1073352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update 5]
C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [2012-01-30 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2013-04-19 1090912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super-Charger]
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [2013-03-08 506864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
""= []
"Super-Charger"=C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [2013-03-08 506864]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-03-28 642656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2013-08-05 18:14:15 ----D---- C:\Program Files\trend micro
2013-08-05 18:14:14 ----D---- C:\rsit
2013-08-05 12:29:32 ----D---- C:\Program Files (x86)\ESET
2013-08-05 04:41:46 ----D---- C:\Users\dominik\AppData\Roaming\Malwarebytes
2013-08-05 04:41:36 ----D---- C:\ProgramData\Malwarebytes
2013-08-04 23:23:06 ----A---- C:\Windows\SYSWOW64\SYNSOEMU.DLL
2013-08-04 15:04:42 ----A---- C:\Windows\system32\CRACKNEX.dll
2013-08-04 12:51:45 ----D---- C:\ProgramData\StarApp
2013-08-04 12:51:42 ----D---- C:\Program Files (x86)\WebSearch
2013-08-04 12:51:22 ----D---- C:\Program Files (x86)\SaveShare
2013-07-30 23:21:51 ----D---- C:\Program Files\Image-Line
2013-07-30 23:21:37 ----D---- C:\Users\dominik\AppData\Roaming\FlowStone
2013-07-30 23:21:37 ----D---- C:\Program Files (x86)\DSPRobotics
2013-07-30 10:41:33 ----D---- C:\Users\dominik\AppData\Roaming\Media Player Classic
2013-07-28 14:02:15 ----D---- C:\Program Files (x86)\AMD APP
2013-07-28 14:00:43 ----A---- C:\Windows\system32\RtNicProp64.dll
2013-07-28 14:00:43 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2013-07-28 13:59:45 ----A---- C:\Windows\system32\WavesGUILib64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\tossaeapo64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\toseaeapo64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\tosasfapo64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\sltech64.dll
2013-07-28 13:59:45 ----A---- C:\Windows\system32\slprp64.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\slcnt64.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\sl3apo64.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\SFSS_APO.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\RtPgEx64.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\RTKSMSettingsIPC.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\RTKSMlfx.dll
2013-07-28 13:59:44 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RtkAPO64.dll
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RtkApi64.dll
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RtDataProc64.dll
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RTCOM64.dll
2013-07-28 13:59:43 ----A---- C:\Windows\system32\RCoInstII64.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MISS_APO.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MaxxVoiceAPO2064.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MaxxAudioVnN64.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MaxxAudioVnA64.dll
2013-07-28 13:59:42 ----A---- C:\Windows\system32\MaxxAudioRealtek64.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioRealtek264.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioEQ64.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioAPO5064.dll
2013-07-28 13:59:41 ----A---- C:\Windows\system32\MaxxAudioAPO4064.dll
2013-07-28 13:59:39 ----A---- C:\Windows\system32\FMAPO64.dll
2013-07-28 13:59:39 ----A---- C:\Windows\system32\AERTAC64.dll
2013-07-28 13:59:39 ----A---- C:\Windows\system32\AcpiServiceVnA64.dll
2013-07-28 13:40:45 ----D---- C:\ProgramData\ATI
2013-07-28 13:39:16 ----D---- C:\Program Files (x86)\AMD AVT
2013-07-28 13:38:15 ----D---- C:\Program Files\Common Files\ATI Technologies
2013-07-28 13:38:12 ----D---- C:\Program Files (x86)\ATI Technologies
2013-07-28 13:38:10 ----D---- C:\Program Files\ATI
2013-07-28 13:37:43 ----D---- C:\Program Files\ATI Technologies
2013-07-28 13:37:06 ----D---- C:\AMD
2013-07-28 08:32:17 ----SHD---- C:\ProgramData\SecuROM
2013-07-27 21:30:00 ----D---- C:\Windows\SYSWOW64\xlive
2013-07-27 21:29:59 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-27 17:57:08 ----D---- C:\Users\dominik\AppData\Roaming\Canneverbe Limited
2013-07-27 17:57:08 ----D---- C:\ProgramData\Canneverbe Limited
2013-07-27 12:39:28 ----RHD---- C:\Users\dominik\AppData\Roaming\SecuROM
2013-07-27 11:41:01 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2013-07-25 14:33:02 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-07-21 12:26:49 ----D---- C:\CIMTEMP
2013-07-21 08:35:31 ----D---- C:\Users\dominik\AppData\Roaming\BANDISOFT
2013-07-21 08:35:20 ----D---- C:\Program Files (x86)\BandiMPEG1
2013-07-16 04:39:49 ----D---- C:\Windows\system32\MRT
2013-07-15 11:25:13 ----D---- C:\Program Files (x86)\GPU-Z
2013-07-14 09:08:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-07-10 23:33:58 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-07-10 23:33:58 ----A---- C:\Windows\system32\ieui.dll
2013-07-10 23:33:57 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-07-10 23:33:57 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-07-10 23:33:57 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-07-10 23:33:57 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-07-10 23:33:57 ----A---- C:\Windows\system32\iesetup.dll
2013-07-10 23:33:57 ----A---- C:\Windows\system32\iernonce.dll
2013-07-10 23:33:57 ----A---- C:\Windows\system32\ie4uinit.exe
2013-07-10 23:33:56 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-07-10 23:33:56 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 23:33:56 ----A---- C:\Windows\system32\iesysprep.dll
2013-07-10 23:33:56 ----A---- C:\Windows\system32\iertutil.dll
2013-07-10 23:33:55 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-07-10 23:33:55 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-07-10 23:33:55 ----A---- C:\Windows\system32\msfeeds.dll
2013-07-10 23:33:55 ----A---- C:\Windows\system32\jscript.dll
2013-07-10 23:33:54 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-07-10 23:33:54 ----A---- C:\Windows\system32\jscript9.dll
2013-07-10 23:33:53 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-07-10 23:33:53 ----A---- C:\Windows\system32\urlmon.dll
2013-07-10 23:33:52 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-07-10 23:33:52 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-07-10 23:33:52 ----A---- C:\Windows\system32\wininet.dll
2013-07-10 23:33:52 ----A---- C:\Windows\system32\jsproxy.dll
2013-07-10 23:33:51 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-07-10 23:33:50 ----A---- C:\Windows\system32\ieframe.dll
2013-07-10 23:33:49 ----A---- C:\Windows\system32\mshtml.dll
2013-07-10 23:33:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-07-10 13:10:56 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-07-10 13:10:56 ----A---- C:\Windows\SYSWOW64\qedit.dll
2013-07-10 13:10:56 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-07-10 13:10:56 ----A---- C:\Windows\system32\qedit.dll
2013-07-10 13:10:53 ----A---- C:\Windows\system32\win32k.sys
2013-07-10 13:10:45 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-07-10 13:10:45 ----A---- C:\Windows\system32\DWrite.dll
======List of files/folders modified in the last 1 months======
2013-08-05 18:18:21 ----D---- C:\Windows\Prefetch
2013-08-05 18:17:04 ----D---- C:\Windows\Temp
2013-08-05 18:14:15 ----RD---- C:\Program Files
2013-08-05 16:00:57 ----D---- C:\Windows\system32\config
2013-08-05 15:35:44 ----D---- C:\Windows\SysWOW64
2013-08-05 14:20:00 ----D---- C:\Windows
2013-08-05 12:29:32 ----RD---- C:\Program Files (x86)
2013-08-05 04:50:41 ----D---- C:\Windows\system32\drivers
2013-08-05 04:48:02 ----HD---- C:\ProgramData
2013-08-05 03:49:56 ----D---- C:\Program Files (x86)\Common Files
2013-08-05 00:21:46 ----D---- C:\Users\dominik\AppData\Roaming\DAEMON Tools Lite
2013-08-05 00:21:42 ----D---- C:\Windows\inf
2013-08-05 00:21:40 ----D---- C:\Windows\Logs
2013-08-04 16:24:32 ----A---- C:\Windows\netdet.ini
2013-08-04 15:06:56 ----D---- C:\Windows\system32\Tasks
2013-08-04 15:04:42 ----D---- C:\Windows\System32
2013-08-04 12:51:45 ----D---- C:\ProgramData\InstallMate
2013-08-04 11:43:25 ----D---- C:\Program Files (x86)\Drakensang Online
2013-08-03 21:53:01 ----SD---- C:\Users\dominik\AppData\Roaming\Microsoft
2013-08-03 18:09:53 ----SHD---- C:\System Volume Information
2013-07-30 23:21:50 ----D---- C:\Program Files (x86)\Image-Line
2013-07-30 22:50:19 ----SHD---- C:\Windows\Installer
2013-07-28 20:28:11 ----D---- C:\Windows\system32\NDF
2013-07-28 14:02:13 ----D---- C:\Windows\system32\catroot
2013-07-28 14:01:11 ----D---- C:\Windows\system32\DriverStore
2013-07-28 14:00:43 ----D---- C:\Program Files (x86)\Realtek
2013-07-28 14:00:23 ----HD---- C:\Program Files (x86)\Temp
2013-07-28 14:00:12 ----D---- C:\Windows\SYSWOW64\RTCOM
2013-07-28 14:00:07 ----D---- C:\Windows\system32\catroot2
2013-07-28 13:40:45 ----D---- C:\Users\dominik\AppData\Roaming\ATI
2013-07-28 13:39:17 ----D---- C:\ProgramData\AMD
2013-07-28 13:38:15 ----D---- C:\Program Files\Common Files
2013-07-28 13:22:51 ----DC---- C:\Windows\system32\DRVSTORE
2013-07-28 13:22:49 ----D---- C:\Windows\Microsoft.NET
2013-07-28 08:29:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-07-27 22:29:02 ----RSD---- C:\Windows\assembly
2013-07-27 22:20:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-07-27 11:53:59 ----ASD---- C:\ProgramData\Microsoft
2013-07-27 11:40:49 ----D---- C:\Windows\winsxs
2013-07-26 19:22:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-25 14:32:05 ----D---- C:\Windows\SYSWOW64\en-US
2013-07-25 14:32:05 ----D---- C:\Windows\system32\en-US
2013-07-25 13:17:05 ----HD---- C:\SuperChargerProfile
2013-07-21 10:43:08 ----D---- C:\Program Files (x86)\MSI
2013-07-16 04:54:54 ----D---- C:\Windows\debug
2013-07-16 04:47:09 ----D---- C:\Program Files\Microsoft Security Client
2013-07-16 04:47:02 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-07-16 04:17:50 ----D---- C:\Windows\SYSWOW64\directx
2013-07-16 04:12:20 ----D---- C:\Windows\Panther
2013-07-11 12:52:42 ----D---- C:\Program Files\Windows Defender
2013-07-11 12:52:42 ----D---- C:\Program Files (x86)\Windows Defender
2013-07-11 12:52:42 ----D---- C:\Program Files (x86)\Internet Explorer
2013-07-11 12:52:41 ----D---- C:\Program Files\Internet Explorer
2013-07-11 12:52:40 ----D---- C:\Program Files\Windows Journal
2013-07-11 12:52:35 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-11 12:52:35 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 15:21:38 ----D---- C:\Program Files (x86)\Tiler
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-17 16440]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-05-04 564824]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-22 283200]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616]
R3 ALSysIO;ALSysIO; \??\C:\Users\dominik\AppData\Local\Temp\ALSysIO64.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-29 11658752]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-03-29 581120]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-02-14 96768]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-07-02 3472600]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-04-10 849992]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
S2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S3 afg0otw7;afg0otw7; C:\Windows\system32\drivers\afg0otw7.sys []
S3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-10-25 13368]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-03-29 241152]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-28 361984]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 23808]
R2 Winstep Xtreme Service;Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService []
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-06-20 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-30 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-26 117144]
S4 MSI_SuperCharger;MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-02-20 161264]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119528
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: bitcoiner virus
I would be interested to know how things stand with the legality of your operating system.
??
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 46
- Joined: 10 Apr 2011 08:41
Re: bitcoiner virus
I'll upload a jpg somewhere
I can't upload it, so I put it on czshare
http://czshare.com/5480122/V%C3%BDst%C5%99i%C5%BEek.PNG
Last edited by Mc_Murphy on 05 Aug 2013 20:01, edited 1 time in total.
Reason: Put the image somewhere on a NORMAL server where images are shared. Besides, this can't even be displayed; you gave a wrong link.
-
- Visitor
- Posts: 46
- Joined: 10 Apr 2011 08:41
Re: bitcoiner virus
http://imageshack.us/photo/my-images/593/fte.png/
- Rudy
- Site Admin
- Posts: 119528
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: bitcoiner virus
That's nice, but I can conjure this up even from a cracked system.
-
- Visitor
- Posts: 46
- Joined: 10 Apr 2011 08:41
Re: bitcoiner virus
The PC was bought as a complete unit from pcnet s.r.o about 3 years ago, including the OS.
I never suspected an illegal OS, if only because when I got this PC it had avast on it and I changed that to Microsoft essential, which asked for genuine validation during installation; likewise there was never a problem with win.update.
- Rudy
- Site Admin
- Posts: 119528
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: bitcoiner virus
OK. It's just that the Ultimate edition is not entirely usual for home users.
OK. Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Tick the "Scan All Users", "LOP Check" and "Purity Check" boxes. Change the file age to 7 days. Copy the following into the white box at the bottom:
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
and click "Run Scan". When the scan finishes, 2 logs will appear; copy them here.
-
- Visitor
- Posts: 46
- Joined: 10 Apr 2011 08:41
Re: bitcoiner virus
OTL logfile created on: 5.8.2013 22:04:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\stahování z internetu
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
8,00 Gb Total Physical Memory | 4,84 Gb Available Physical Memory | 60,55% Memory free
16,00 Gb Paging File | 12,49 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,35 Gb Free Space | 44,43% Space Free | Partition Type: NTFS
Drive D: | 635,49 Gb Total Space | 600,25 Gb Free Space | 94,45% Space Free | Partition Type: NTFS
Drive E: | 198,36 Gb Total Space | 114,96 Gb Free Space | 57,95% Space Free | Partition Type: NTFS
Computer Name: DOMINIK-PC | User Name: dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2013.08.05 22:03:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\stahování z internetu\OTL.exe
PRC - [2013.07.16 09:35:19 | 015,792,496 | ---- | M] (Wargaming.net) -- E:\Program Files (x86)\WoT\WorldOfTanks.exe
PRC - [2013.06.26 11:08:47 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.08 16:07:36 | 000,506,864 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2012.03.28 17:03:16 | 016,957,056 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nexus.exe
PRC - [2011.02.11 20:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2013.07.16 09:35:19 | 000,327,680 | ---- | M] () -- E:\Program Files (x86)\WoT\voip.dll
MOD - [2013.07.16 09:35:19 | 000,321,520 | ---- | M] () -- E:\Program Files (x86)\WoT\ortp.dll
MOD - [2013.06.26 11:08:27 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.06.12 13:05:20 | 000,270,336 | ---- | M] () -- E:\Program Files (x86)\WoT\libcurl.dll
MOD - [2012.02.22 10:41:36 | 001,085,376 | ---- | M] () -- C:\Program Files (x86)\Winstep\wodTelnetDLX.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.06.20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.06.20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.03.28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.26 11:08:46 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 20:25:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013.02.20 11:47:14 | 000,161,264 | ---- | M] (MSI) [Disabled | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011.02.11 20:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.06.18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013.05.04 07:28:29 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013.04.10 11:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.03.22 21:52:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.01.23 10:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2013.01.23 10:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.04.15 15:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.04.15 15:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.29 04:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.06.17 18:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.10.25 20:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchesplace.info/?l= ... Z&unqvl=30
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{936EBED9-5294-4096-8258-1A7EE65FCFCC}: "URL" = http://www.google.com/search?q={searchT ... utEncoding?}
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{B102FA15-A8F4-4A9A-AD3A-1D72375CCEFA}: "URL" = http://www.mysearchresults.com/search?c ... earchTerms}
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchesplace.info/?l= ... Z&unqvl=30
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{CC466DE6-EA26-417A-9B6D-EB0FA29775C3}: "URL" = http://websearch.ask.com/redirect?clien ... 2516216B94
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://websearch.searchesplace.info/?pi ... =30&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.0.8
FF - prefs.js..keyword.URL: "http://websearch.searchesplace.info/?pi ... =30&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.03.19 03:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Extensions
[2013.06.30 20:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\g4q29tra.default-1363656536534\extensions
[2013.08.04 12:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\extensions
[2013.07.27 07:41:37 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\extensions\djziggy@gmail.com
[2013.07.27 10:38:30 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\extensions\translator@zoli.bod.xpi
[2013.07.31 09:58:03 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.08.04 12:51:50 | 000,007,849 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\searchplugins\WebSearch.xml
[2013.06.26 11:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.06.26 11:08:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage: http://websearch.searchesplace.info/?pi ... Z&unqvl=30
CHR - Extension: SearchNewTab = C:\Users\dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\amofjppaafijeadihifkinhppkamfmhp\1\
CHR - Extension: SavEnsohhare = C:\Users\dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eabmejbgkanemgeekldaebphkhdiehoa\1\
O1 HOSTS File: ([2012.04.24 20:36:08 | 000,001,836 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe (Winstep Software Technologies)
O4 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\dominik\AppData\Local\Temp\\tsiVi032.dll,start File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.108.107.106 109.108.109.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{000837CA-B460-4FC1-8AAF-CF08892FCC25}: DhcpNameServer = 109.108.107.106 109.108.109.108
O20 - AppInit_DLLs: (c:\progra~2\savesh~1\sprote~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8703b4fb-92e1-11e2-ab6f-40618692a4cb}\Shell - "" = AutoRun
O33 - MountPoints2\{8703b4fb-92e1-11e2-ab6f-40618692a4cb}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2013.08.05 18:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.08.05 18:14:14 | 000,000,000 | ---D | C] -- C:\rsit
[2013.08.05 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.08.05 04:41:46 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Malwarebytes
[2013.08.05 04:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.08.05 03:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
[2013.08.05 03:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2013.08.04 23:23:06 | 002,440,704 | ---- | C] (AD © 2010) -- C:\Windows\SysWow64\SYNSOEMU.DLL
[2013.08.04 15:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\reFX
[2013.08.04 15:04:42 | 000,400,384 | ---- | C] (reFX CrackerX) -- C:\Windows\SysNative\CRACKNEX.dll
[2013.08.04 12:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.08.04 12:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSearch
[2013.08.04 12:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveShare
[2013.08.04 11:43:25 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
[2013.07.30 23:21:53 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.07.30 23:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2013.07.30 23:21:42 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2013.07.30 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\FlowStone
[2013.07.30 23:21:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSPRobotics
[2013.07.30 11:44:05 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\cache
[2013.07.30 11:44:01 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\FullTiltPoker
[2013.07.30 10:41:33 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Media Player Classic
========== Files - Modified Within 7 Days ==========
[2013.08.05 22:05:43 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.08.05 20:52:34 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.05 20:52:34 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.05 10:26:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.04 16:24:32 | 000,000,520 | ---- | M] () -- C:\Windows\netdet.ini
[2013.08.04 11:43:25 | 000,001,972 | ---- | M] () -- C:\Users\dominik\Desktop\Drakensang Online.lnk
[2013.07.30 23:22:12 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
========== Files Created - No Company Name ==========
[2013.08.05 22:05:43 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.07.30 23:22:12 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
[2013.07.30 23:21:50 | 000,000,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
[2013.07.28 13:40:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.07.25 14:33:02 | 001,559,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.02 19:09:17 | 000,008,192 | -HS- | C] () -- C:\Windows\o2cLicStore.bin
[2013.07.02 19:09:17 | 000,000,520 | ---- | C] () -- C:\Windows\netdet.ini
[2013.06.07 19:28:36 | 000,000,132 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\Adobe Formát GIF CS6 – předvolby
[2013.05.15 18:13:54 | 000,000,896 | RHS- | C] () -- C:\Users\dominik\ntuser.pol
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.03.24 13:52:13 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2013.03.22 21:54:59 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2013.02.10 15:27:26 | 000,000,409 | ---- | C] () -- C:\Windows\MSUTIL.INI
[2013.02.02 15:26:18 | 000,007,625 | ---- | C] () -- C:\Users\dominik\AppData\Local\Resmon.ResmonCfg
[2013.02.02 12:43:52 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.02.02 12:43:52 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.02.02 12:43:52 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.02.02 12:43:51 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.02.02 12:43:48 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.02.02 12:26:49 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2013.02.02 01:42:25 | 000,000,132 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.11.19 09:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2012.11.19 09:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2012.07.02 22:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012.02.03 05:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.07.21 08:35:31 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\BANDISOFT
[2013.07.27 17:57:08 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Canneverbe Limited
[2013.02.01 21:46:10 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.08.05 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\DAEMON Tools Lite
[2013.07.30 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\FlowStone
[2013.06.08 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\GenArts
[2013.03.20 13:10:05 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\HD Tune Pro
[2013.02.04 04:17:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Image-Line
[2013.01.30 12:46:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\IObit
[2013.03.29 01:31:54 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\IsolatedStorage
[2013.05.30 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\LolClient
[2013.06.27 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Milestone
[2013.05.13 12:19:37 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Nokia
[2013.02.02 12:26:49 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\PACE Anti-Piracy
[2013.05.13 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\PC Suite
[2013.04.17 07:53:07 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\poclbm
[2013.02.01 13:48:58 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Red Giant Link
[2013.02.28 01:18:52 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.15 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\SynthMaker
[2013.02.13 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Unity
[2013.01.30 20:20:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Wargaming.net
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,594 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.04.21 13:34:12 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010.11.20 06:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 06:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.20 05:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 05:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2010.11.20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 06:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: HAL.DLL >
[2010.11.20 06:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 06:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
< MD5 for: SCECLI.DLL >
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.05.08 08:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2010.11.20 06:33:58 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012.08.22 20:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2013.05.08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.05.08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2012.08.22 20:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< >
< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[6 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013.03.11 01:12:14 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Adobe
[2013.02.11 03:24:13 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Apple Computer
[2013.07.28 13:40:45 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\ATI
[2013.07.21 08:35:31 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\BANDISOFT
[2013.07.27 17:57:08 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Canneverbe Limited
[2013.02.01 21:46:10 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.08.05 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\DAEMON Tools Lite
[2013.07.30 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\FlowStone
[2013.06.08 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\GenArts
[2013.03.20 13:10:05 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\HD Tune Pro
[2013.01.30 01:38:30 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Identities
[2013.02.04 04:17:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Image-Line
[2013.01.30 12:46:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\IObit
[2013.03.29 01:31:54 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\IsolatedStorage
[2013.05.30 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\LolClient
[2013.01.30 12:38:13 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Macromedia
[2013.08.05 04:41:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Malwarebytes
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Media Center Programs
[2013.08.05 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Media Player Classic
[2013.08.03 21:53:01 | 000,000,000 | --SD | M] -- C:\Users\dominik\AppData\Roaming\Microsoft
[2013.06.27 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Milestone
[2013.03.19 03:38:50 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Mozilla
[2013.05.13 12:19:37 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Nokia
[2013.02.02 12:26:49 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\PACE Anti-Piracy
[2013.05.13 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\PC Suite
[2013.04.17 07:53:07 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\poclbm
[2013.02.01 13:48:58 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Red Giant Link
[2013.07.27 12:39:28 | 000,000,000 | RH-D | M] -- C:\Users\dominik\AppData\Roaming\SecuROM
[2013.02.28 01:18:52 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.15 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\SynthMaker
[2013.02.13 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Unity
[2013.01.30 20:20:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Wargaming.net
[2013.01.30 02:42:00 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2013.02.02 00:32:41 | 000,055,424 | ---- | M] (Adobe Systems Inc.) -- C:\Users\dominik\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2013.02.01 13:48:51 | 000,262,144 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\Red Giant Link\tools\RGLicenseCheck.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2013.06.13 05:23:54 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AdobeBridge" =
"Nexus" = C:\Program Files (x86)\Winstep\Nexus.exe autostart -- [2012.03.28 17:03:16 | 016,957,056 | ---- | M] (Winstep Software Technologies)
"" =
"tsiVideo" = C:\Windows\SysWOW64\rundll32.exe C:\Users\dominik\AppData\Local\Temp\\tsiVi032.dll,start -- [2009.07.14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.06.26 11:08:47 | 000,920,472 | ---- | M] (Mozilla Corporation) MD5=C8D28F8B498CADBB9445AC4545BD41B7 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013.06.12 02:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.08.05 22:05:43 | 000,000,512 | ---- | M] () MD5=6B5B61628D317E3539375CE5F97AACF5 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2012.04.21 15:59:07 | 001,306,290 | ---- | M] () -- \software\AAE-projedts\VideoHive Mega Collection Pack 3-BLUEPLANET\videohive_Urban-of-the-cinematic\Assets\Environement Textures\Concrete Crack.jpg
[2009.11.30 20:31:05 | 003,096,763 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_01.mov
[2009.11.30 22:37:43 | 004,551,510 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_02.mov
[2009.11.30 22:37:56 | 004,492,767 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_03.mov
[2009.11.30 19:58:24 | 003,459,479 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_04.mov
[2009.11.30 20:31:05 | 003,179,829 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_05.mov
[2009.11.30 18:58:10 | 002,592,017 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_06.mov
[2009.11.30 20:33:19 | 003,082,263 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_07.mov
[2009.11.30 21:24:16 | 002,995,649 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_08.mov
[2009.11.30 20:12:18 | 002,699,493 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_09.mov
[2009.11.30 21:06:07 | 002,488,734 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_10.mov
[2009.11.30 20:12:18 | 002,608,502 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_11.mov
[2009.11.30 22:35:34 | 002,856,210 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_12.mov
[2009.11.30 21:06:07 | 002,509,509 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_13.mov
[2009.11.30 18:58:51 | 002,792,158 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_14.mov
[2009.11.30 21:45:27 | 002,196,137 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_15.mov
[2009.11.30 20:03:55 | 000,111,594 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_01.jpg
[2009.11.30 20:03:55 | 000,108,963 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_02.jpg
[2009.11.30 20:03:55 | 000,107,869 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_03.jpg
[2009.11.30 20:03:55 | 000,104,605 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_04.jpg
[2009.11.30 20:03:55 | 000,093,997 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_05.jpg
[2009.11.30 20:03:55 | 000,126,376 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_06.jpg
[2009.11.30 20:03:55 | 000,118,902 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_07.jpg
[2009.11.30 20:03:55 | 000,104,510 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_08.jpg
[2009.11.30 20:03:55 | 000,085,621 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_09.jpg
[2009.11.30 20:03:55 | 000,152,988 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_10.jpg
[2009.11.30 20:03:55 | 000,107,645 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_11.jpg
[2009.11.30 20:47:07 | 000,160,512 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_12.jpg
[2009.11.30 20:03:55 | 000,093,142 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_13.jpg
[2009.11.30 20:03:55 | 000,105,132 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_14.jpg
[2009.11.30 20:34:36 | 000,565,096 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Windshields\Glass_Cracks_01.jpg
[2009.11.30 22:36:39 | 001,160,984 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Windshields\Glass_Cracks_02.jpg
[2009.11.30 22:36:39 | 001,469,487 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Windshields\Glass_Cracks_03.jpg
[2009.11.30 19:24:21 | 000,713,390 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_01.mp4
[2009.11.30 19:24:21 | 000,711,341 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_02.mp4
[2009.11.30 18:58:35 | 000,736,017 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_03.mp4
[2009.11.30 19:24:21 | 000,714,475 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_04.mp4
[2009.11.30 20:00:32 | 000,721,673 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_05.mp4
[2009.11.30 19:24:21 | 000,712,739 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_06.mp4
[2009.11.30 20:00:32 | 000,720,995 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_07.mp4
[2009.11.30 20:00:32 | 000,722,650 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_08.mp4
[2009.11.30 18:57:58 | 000,717,232 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_09.mp4
[2009.11.30 18:57:58 | 000,714,980 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_10.mp4
[2009.11.30 18:57:58 | 000,719,415 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_11.mp4
[2009.11.30 20:00:32 | 000,727,484 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_12.mp4
[2009.11.30 18:57:58 | 000,717,181 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_13.mp4
[2009.11.30 20:00:32 | 000,727,358 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_14.mp4
[2009.11.30 18:57:58 | 000,715,397 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_15.mp4
[2013.02.09 11:57:05 | 000,033,045 | ---- | M] () -- \software\Editing packs\Editing pack vol. 10\Zvuky\01327_SFX - lámání,cracking.mp3
[2011.01.12 15:36:00 | 000,243,712 | ---- | M] () -- \software\Optical Flares\OpticalFlaresCrack(Spider) 1.2.132.exe
[2013.03.11 03:50:24 | 000,000,590 | ---- | M] () -- \software\VCFlaresBundle 1.3.3\Crack\crack.txt
[2013.02.03 15:59:30 | 003,699,294 | ---- | M] () -- \software\Video.Copilot.Element.3D.v1.5.WiN\Crack.rar
< *keygen* /s >
< *loader* /s >
[2002.05.26 11:40:58 | 000,013,824 | ---- | M] () -- \software\ArCon v.6 + Tiler 2.2 CZ + Katalogy_\Arcon 6.02 CZ\crack\loader.exe
[2010.07.19 20:11:57 | 000,011,927 | ---- | M] () -- \software\ArCon v.6 + Tiler 2.2 CZ + Katalogy_\Arcon 6.02 CZ\crack\loader.rar
========== Alternate Data Streams ==========
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:66BB1E73
@Alternate Data Stream - 1143 bytes -> C:\ProgramData\Microsoft:oSClbidpucKhLVdkzXxmUEScc
@Alternate Data Stream - 1026 bytes -> C:\ProgramData\Microsoft:nQLbaVX5ngJZNEpetyEjGy1p
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = D:\stahování z internetu
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
8,00 Gb Total Physical Memory | 4,84 Gb Available Physical Memory | 60,55% Memory free
16,00 Gb Paging File | 12,49 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,35 Gb Free Space | 44,43% Space Free | Partition Type: NTFS
Drive D: | 635,49 Gb Total Space | 600,25 Gb Free Space | 94,45% Space Free | Partition Type: NTFS
Drive E: | 198,36 Gb Total Space | 114,96 Gb Free Space | 57,95% Space Free | Partition Type: NTFS
Computer Name: DOMINIK-PC | User Name: dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2013.08.05 22:03:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\stahování z internetu\OTL.exe
PRC - [2013.07.16 09:35:19 | 015,792,496 | ---- | M] (Wargaming.net) -- E:\Program Files (x86)\WoT\WorldOfTanks.exe
PRC - [2013.06.26 11:08:47 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.08 16:07:36 | 000,506,864 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2012.03.28 17:03:16 | 016,957,056 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nexus.exe
PRC - [2011.02.11 20:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2013.07.16 09:35:19 | 000,327,680 | ---- | M] () -- E:\Program Files (x86)\WoT\voip.dll
MOD - [2013.07.16 09:35:19 | 000,321,520 | ---- | M] () -- E:\Program Files (x86)\WoT\ortp.dll
MOD - [2013.06.26 11:08:27 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.06.12 13:05:20 | 000,270,336 | ---- | M] () -- E:\Program Files (x86)\WoT\libcurl.dll
MOD - [2012.02.22 10:41:36 | 001,085,376 | ---- | M] () -- C:\Program Files (x86)\Winstep\wodTelnetDLX.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.06.20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.06.20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.03.28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.26 11:08:46 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 20:25:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013.02.20 11:47:14 | 000,161,264 | ---- | M] (MSI) [Disabled | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011.02.11 20:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.06.18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013.05.04 07:28:29 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013.04.10 11:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.03.22 21:52:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.01.23 10:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2013.01.23 10:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.04.15 15:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.04.15 15:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.29 04:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.06.17 18:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.10.25 20:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchesplace.info/?l= ... Z&unqvl=30
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{936EBED9-5294-4096-8258-1A7EE65FCFCC}: "URL" = http://www.google.com/search?q={searchT ... utEncoding?}
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{B102FA15-A8F4-4A9A-AD3A-1D72375CCEFA}: "URL" = http://www.mysearchresults.com/search?c ... earchTerms}
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchesplace.info/?l= ... Z&unqvl=30
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{CC466DE6-EA26-417A-9B6D-EB0FA29775C3}: "URL" = http://websearch.ask.com/redirect?clien ... 2516216B94
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://websearch.searchesplace.info/?pi ... =30&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.0.8
FF - prefs.js..keyword.URL: "http://websearch.searchesplace.info/?pi ... =30&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.03.19 03:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Extensions
[2013.06.30 20:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\g4q29tra.default-1363656536534\extensions
[2013.08.04 12:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\extensions
[2013.07.27 07:41:37 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\extensions\djziggy@gmail.com
[2013.07.27 10:38:30 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\extensions\translator@zoli.bod.xpi
[2013.07.31 09:58:03 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.08.04 12:51:50 | 000,007,849 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\Mozilla\Firefox\Profiles\p2ixt51r.default-1374902621756\searchplugins\WebSearch.xml
[2013.06.26 11:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.06.26 11:08:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage: http://websearch.searchesplace.info/?pi ... Z&unqvl=30
CHR - Extension: SearchNewTab = C:\Users\dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\amofjppaafijeadihifkinhppkamfmhp\1\
CHR - Extension: SavEnsohhare = C:\Users\dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eabmejbgkanemgeekldaebphkhdiehoa\1\
O1 HOSTS File: ([2012.04.24 20:36:08 | 000,001,836 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe (Winstep Software Technologies)
O4 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\dominik\AppData\Local\Temp\\tsiVi032.dll,start File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.108.107.106 109.108.109.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{000837CA-B460-4FC1-8AAF-CF08892FCC25}: DhcpNameServer = 109.108.107.106 109.108.109.108
O20 - AppInit_DLLs: (c:\progra~2\savesh~1\sprote~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8703b4fb-92e1-11e2-ab6f-40618692a4cb}\Shell - "" = AutoRun
O33 - MountPoints2\{8703b4fb-92e1-11e2-ab6f-40618692a4cb}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2013.08.05 18:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.08.05 18:14:14 | 000,000,000 | ---D | C] -- C:\rsit
[2013.08.05 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.08.05 04:41:46 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Malwarebytes
[2013.08.05 04:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.08.05 03:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
[2013.08.05 03:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2013.08.04 23:23:06 | 002,440,704 | ---- | C] (AD © 2010) -- C:\Windows\SysWow64\SYNSOEMU.DLL
[2013.08.04 15:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\reFX
[2013.08.04 15:04:42 | 000,400,384 | ---- | C] (reFX CrackerX) -- C:\Windows\SysNative\CRACKNEX.dll
[2013.08.04 12:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.08.04 12:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSearch
[2013.08.04 12:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveShare
[2013.08.04 11:43:25 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
[2013.07.30 23:21:53 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.07.30 23:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2013.07.30 23:21:42 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2013.07.30 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\FlowStone
[2013.07.30 23:21:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSPRobotics
[2013.07.30 11:44:05 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\cache
[2013.07.30 11:44:01 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Local\FullTiltPoker
[2013.07.30 10:41:33 | 000,000,000 | ---D | C] -- C:\Users\dominik\AppData\Roaming\Media Player Classic
========== Files - Modified Within 7 Days ==========
[2013.08.05 22:05:43 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.08.05 20:52:34 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.05 20:52:34 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.05 10:26:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.04 16:24:32 | 000,000,520 | ---- | M] () -- C:\Windows\netdet.ini
[2013.08.04 11:43:25 | 000,001,972 | ---- | M] () -- C:\Users\dominik\Desktop\Drakensang Online.lnk
[2013.07.30 23:22:12 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
========== Files Created - No Company Name ==========
[2013.08.05 22:05:43 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.07.30 23:22:12 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
[2013.07.30 23:21:50 | 000,000,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
[2013.07.28 13:40:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.07.25 14:33:02 | 001,559,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.02 19:09:17 | 000,008,192 | -HS- | C] () -- C:\Windows\o2cLicStore.bin
[2013.07.02 19:09:17 | 000,000,520 | ---- | C] () -- C:\Windows\netdet.ini
[2013.06.07 19:28:36 | 000,000,132 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\Adobe Formát GIF CS6 – předvolby
[2013.05.15 18:13:54 | 000,000,896 | RHS- | C] () -- C:\Users\dominik\ntuser.pol
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.03.24 13:52:13 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2013.03.22 21:54:59 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2013.02.10 15:27:26 | 000,000,409 | ---- | C] () -- C:\Windows\MSUTIL.INI
[2013.02.02 15:26:18 | 000,007,625 | ---- | C] () -- C:\Users\dominik\AppData\Local\Resmon.ResmonCfg
[2013.02.02 12:43:52 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.02.02 12:43:52 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.02.02 12:43:52 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.02.02 12:43:51 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.02.02 12:43:48 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.02.02 12:26:49 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2013.02.02 01:42:25 | 000,000,132 | ---- | C] () -- C:\Users\dominik\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.11.19 09:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2012.11.19 09:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2012.07.02 22:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012.02.03 05:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.07.21 08:35:31 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\BANDISOFT
[2013.07.27 17:57:08 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Canneverbe Limited
[2013.02.01 21:46:10 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.08.05 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\DAEMON Tools Lite
[2013.07.30 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\FlowStone
[2013.06.08 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\GenArts
[2013.03.20 13:10:05 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\HD Tune Pro
[2013.02.04 04:17:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Image-Line
[2013.01.30 12:46:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\IObit
[2013.03.29 01:31:54 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\IsolatedStorage
[2013.05.30 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\LolClient
[2013.06.27 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Milestone
[2013.05.13 12:19:37 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Nokia
[2013.02.02 12:26:49 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\PACE Anti-Piracy
[2013.05.13 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\PC Suite
[2013.04.17 07:53:07 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\poclbm
[2013.02.01 13:48:58 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Red Giant Link
[2013.02.28 01:18:52 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.15 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\SynthMaker
[2013.02.13 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Unity
[2013.01.30 20:20:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Wargaming.net
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,594 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.04.21 13:34:12 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010.11.20 06:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 06:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.20 05:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 05:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2010.11.20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 06:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: HAL.DLL >
[2010.11.20 06:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 06:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
< MD5 for: SCECLI.DLL >
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.05.08 08:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2010.11.20 06:33:58 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012.08.22 20:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2013.05.08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.05.08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2012.08.22 20:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< >
< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[6 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013.03.11 01:12:14 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Adobe
[2013.02.11 03:24:13 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Apple Computer
[2013.07.28 13:40:45 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\ATI
[2013.07.21 08:35:31 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\BANDISOFT
[2013.07.27 17:57:08 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Canneverbe Limited
[2013.02.01 21:46:10 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.08.05 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\DAEMON Tools Lite
[2013.07.30 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\FlowStone
[2013.06.08 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\GenArts
[2013.03.20 13:10:05 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\HD Tune Pro
[2013.01.30 01:38:30 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Identities
[2013.02.04 04:17:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Image-Line
[2013.01.30 12:46:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\IObit
[2013.03.29 01:31:54 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\IsolatedStorage
[2013.05.30 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\LolClient
[2013.01.30 12:38:13 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Macromedia
[2013.08.05 04:41:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Malwarebytes
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Media Center Programs
[2013.08.05 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Media Player Classic
[2013.08.03 21:53:01 | 000,000,000 | --SD | M] -- C:\Users\dominik\AppData\Roaming\Microsoft
[2013.06.27 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Milestone
[2013.03.19 03:38:50 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Mozilla
[2013.05.13 12:19:37 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Nokia
[2013.02.02 12:26:49 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\PACE Anti-Piracy
[2013.05.13 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\PC Suite
[2013.04.17 07:53:07 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\poclbm
[2013.02.01 13:48:58 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Red Giant Link
[2013.07.27 12:39:28 | 000,000,000 | RH-D | M] -- C:\Users\dominik\AppData\Roaming\SecuROM
[2013.02.28 01:18:52 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.15 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\SynthMaker
[2013.02.13 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Unity
[2013.01.30 20:20:46 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\Wargaming.net
[2013.01.30 02:42:00 | 000,000,000 | ---D | M] -- C:\Users\dominik\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2013.02.02 00:32:41 | 000,055,424 | ---- | M] (Adobe Systems Inc.) -- C:\Users\dominik\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2013.02.01 13:48:51 | 000,262,144 | ---- | M] () -- C:\Users\dominik\AppData\Roaming\Red Giant Link\tools\RGLicenseCheck.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2013.06.13 05:23:54 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AdobeBridge" =
"Nexus" = C:\Program Files (x86)\Winstep\Nexus.exe autostart -- [2012.03.28 17:03:16 | 016,957,056 | ---- | M] (Winstep Software Technologies)
"" =
"tsiVideo" = C:\Windows\SysWOW64\rundll32.exe C:\Users\dominik\AppData\Local\Temp\\tsiVi032.dll,start -- [2009.07.14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.06.26 11:08:47 | 000,920,472 | ---- | M] (Mozilla Corporation) MD5=C8D28F8B498CADBB9445AC4545BD41B7 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013.06.12 02:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.08.05 22:05:43 | 000,000,512 | ---- | M] () MD5=6B5B61628D317E3539375CE5F97AACF5 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2012.04.21 15:59:07 | 001,306,290 | ---- | M] () -- \software\AAE-projedts\VideoHive Mega Collection Pack 3-BLUEPLANET\videohive_Urban-of-the-cinematic\Assets\Environement Textures\Concrete Crack.jpg
[2009.11.30 20:31:05 | 003,096,763 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_01.mov
[2009.11.30 22:37:43 | 004,551,510 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_02.mov
[2009.11.30 22:37:56 | 004,492,767 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_03.mov
[2009.11.30 19:58:24 | 003,459,479 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_04.mov
[2009.11.30 20:31:05 | 003,179,829 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_05.mov
[2009.11.30 18:58:10 | 002,592,017 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_06.mov
[2009.11.30 20:33:19 | 003,082,263 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_07.mov
[2009.11.30 21:24:16 | 002,995,649 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_08.mov
[2009.11.30 20:12:18 | 002,699,493 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_09.mov
[2009.11.30 21:06:07 | 002,488,734 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_10.mov
[2009.11.30 20:12:18 | 002,608,502 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_11.mov
[2009.11.30 22:35:34 | 002,856,210 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_12.mov
[2009.11.30 21:06:07 | 002,509,509 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_13.mov
[2009.11.30 18:58:51 | 002,792,158 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_14.mov
[2009.11.30 21:45:27 | 002,196,137 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\16. Sparks\FireCracker_15.mov
[2009.11.30 20:03:55 | 000,111,594 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_01.jpg
[2009.11.30 20:03:55 | 000,108,963 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_02.jpg
[2009.11.30 20:03:55 | 000,107,869 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_03.jpg
[2009.11.30 20:03:55 | 000,104,605 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_04.jpg
[2009.11.30 20:03:55 | 000,093,997 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_05.jpg
[2009.11.30 20:03:55 | 000,126,376 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_06.jpg
[2009.11.30 20:03:55 | 000,118,902 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_07.jpg
[2009.11.30 20:03:55 | 000,104,510 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_08.jpg
[2009.11.30 20:03:55 | 000,085,621 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_09.jpg
[2009.11.30 20:03:55 | 000,152,988 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_10.jpg
[2009.11.30 20:03:55 | 000,107,645 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_11.jpg
[2009.11.30 20:47:07 | 000,160,512 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_12.jpg
[2009.11.30 20:03:55 | 000,093,142 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_13.jpg
[2009.11.30 20:03:55 | 000,105,132 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Cracks\Ground_Crack_14.jpg
[2009.11.30 20:34:36 | 000,565,096 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Windshields\Glass_Cracks_01.jpg
[2009.11.30 22:36:39 | 001,160,984 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Windshields\Glass_Cracks_02.jpg
[2009.11.30 22:36:39 | 001,469,487 | ---- | M] () -- \software\Action Essentials 2\Action_Essentials_720p\20. Textures\Windshields\Glass_Cracks_03.jpg
[2009.11.30 19:24:21 | 000,713,390 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_01.mp4
[2009.11.30 19:24:21 | 000,711,341 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_02.mp4
[2009.11.30 18:58:35 | 000,736,017 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_03.mp4
[2009.11.30 19:24:21 | 000,714,475 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_04.mp4
[2009.11.30 20:00:32 | 000,721,673 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_05.mp4
[2009.11.30 19:24:21 | 000,712,739 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_06.mp4
[2009.11.30 20:00:32 | 000,720,995 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_07.mp4
[2009.11.30 20:00:32 | 000,722,650 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_08.mp4
[2009.11.30 18:57:58 | 000,717,232 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_09.mp4
[2009.11.30 18:57:58 | 000,714,980 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_10.mp4
[2009.11.30 18:57:58 | 000,719,415 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_11.mp4
[2009.11.30 20:00:32 | 000,727,484 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_12.mp4
[2009.11.30 18:57:58 | 000,717,181 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_13.mp4
[2009.11.30 20:00:32 | 000,727,358 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_14.mp4
[2009.11.30 18:57:58 | 000,715,397 | ---- | M] () -- \software\Action Essentials 2\Video_Thumbnails\16. Sparks\FireCracker_15.mp4
[2013.02.09 11:57:05 | 000,033,045 | ---- | M] () -- \software\Editing packs\Editing pack vol. 10\Zvuky\01327_SFX - lámání,cracking.mp3
[2011.01.12 15:36:00 | 000,243,712 | ---- | M] () -- \software\Optical Flares\OpticalFlaresCrack(Spider) 1.2.132.exe
[2013.03.11 03:50:24 | 000,000,590 | ---- | M] () -- \software\VCFlaresBundle 1.3.3\Crack\crack.txt
[2013.02.03 15:59:30 | 003,699,294 | ---- | M] () -- \software\Video.Copilot.Element.3D.v1.5.WiN\Crack.rar
< *keygen* /s >
< *loader* /s >
[2002.05.26 11:40:58 | 000,013,824 | ---- | M] () -- \software\ArCon v.6 + Tiler 2.2 CZ + Katalogy_\Arcon 6.02 CZ\crack\loader.exe
[2010.07.19 20:11:57 | 000,011,927 | ---- | M] () -- \software\ArCon v.6 + Tiler 2.2 CZ + Katalogy_\Arcon 6.02 CZ\crack\loader.rar
========== Alternate Data Streams ==========
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:66BB1E73
@Alternate Data Stream - 1143 bytes -> C:\ProgramData\Microsoft:oSClbidpucKhLVdkzXxmUEScc
@Alternate Data Stream - 1026 bytes -> C:\ProgramData\Microsoft:nQLbaVX5ngJZNEpetyEjGy1p
< End of report >
-
- Visitor
- Posts: 46
- Registered: 10 Apr 2011 08:41
Re: bitcoiner virus
OTL Extras logfile created on: 5.8.2013 22:04:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\stahování z internetu
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
8,00 Gb Total Physical Memory | 4,84 Gb Available Physical Memory | 60,55% Memory free
16,00 Gb Paging File | 12,49 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,35 Gb Free Space | 44,43% Space Free | Partition Type: NTFS
Drive D: | 635,49 Gb Total Space | 600,25 Gb Free Space | 94,45% Space Free | Partition Type: NTFS
Drive E: | 198,36 Gb Total Space | 114,96 Gb Free Space | 57,95% Space Free | Partition Type: NTFS
Computer Name: DOMINIK-PC | User Name: dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2346373696-3514916518-1655548664-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00903D5C-2DB0-4D6B-998B-F2E17DB66EE2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0704A39B-ACDA-4CF0-A085-265882601B84}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0844FC0F-FC69-4361-A988-CDF2F43D68C3}" = rport=137 | protocol=17 | dir=out | app=system |
"{0911D98C-F72E-401B-9A18-AAB5760909DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{0DD7A4C5-AE0B-438E-A191-6600E58AC350}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A6B3481-6089-4BA8-9AF3-D01DA7183924}" = lport=139 | protocol=6 | dir=in | app=system |
"{1DDC92C4-FCC2-4288-8A30-58A07A0043FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{28BC43B8-CDEC-4B5B-96AE-E10502ABC267}" = lport=138 | protocol=17 | dir=in | app=system |
"{2FADC296-81C8-4C97-BE31-3BDFDE30057B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34F55FFC-538E-4ABB-ADE3-ED945CB07386}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38E9FEA7-9C04-4E60-9D26-A1123B95EDE5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{463FE417-A2C7-4E98-B29A-5120E9AA94F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{4E376EF8-2F41-484C-9505-B2979505D152}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{557DB1E5-4B9A-4F64-B304-902D12E0B774}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B79F43F-C704-40B5-9639-C75FD4863FFC}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE0BE59A-6D68-448C-8BF2-159AB3031740}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB54F9B6-43C6-4B1B-8E2D-89DE46A48E6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB3F2BC1-019A-4381-8778-553A2A64784F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E288DB29-458B-41CE-AD6D-F6197E057945}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA291BBC-53F2-43F9-B9DB-37AA3F8E499B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F7703335-D797-42D3-9237-5BF4294C63B1}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B95942-F2A4-4EA3-B05F-6AD02B940B98}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0243205B-A865-482A-8222-9B277424A7F0}" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{052A6E82-8C1D-46CE-96C1-C547AEFD0E41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A473A2C-15E5-471E-BE22-BC50725C8267}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3BE758E4-ED07-428E-9D2A-F0837F762882}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5823DB94-3CBE-4020-A754-DE76A304593E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{736258D1-EA67-4D0D-9380-0C3BD390FDDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7428BE53-06A8-4062-B346-A11685B0E3F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A9C769E-D898-4EFB-A616-A53A07DF5F2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{905C9CD7-C6BB-4F89-8F93-44CEE485D519}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92734778-BBFB-46DF-92C3-E8FE8D09F4E6}" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{9664591F-DF49-4084-9D58-45975654BBA2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{96BECE45-F7A0-4834-866E-A94F07B5452A}" = protocol=6 | dir=out | app=system |
"{A0F411E9-B36D-46A7-A883-BED063D41BD0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B262598F-120B-4A4F-B261-E0A0E7B7574B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3D6CB91-848A-451C-ABA7-013E3A032AFB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B9DC80D3-64E3-4AE5-93CC-F8B89E1328C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA69FF52-7829-4D2A-87E7-57529BDDBC3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6EB824A-F83D-42C5-AF67-888BFB57CDAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D01E16AB-C345-466E-BC6F-ACA120342242}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ECC68BF7-2D1F-4252-8E71-63914DBF1577}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{FCF70A30-5886-457E-B174-24B5AB307A0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE1B0557-63D7-4D27-861D-3FA542F405FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2A5A3AF1-2F18-4468-8164-81672C0E48B1}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe" = protocol=6 | dir=in | app=e:\program files\adobe\adobe after effects cs6\support files\afterfx.exe |
"TCP Query User{466DBF7A-675B-4E97-9109-74075251F756}E:\program files (x86)\wot\wotlauncher.exe" = protocol=6 | dir=in | app=e:\program files (x86)\wot\wotlauncher.exe |
"TCP Query User{53A815E0-9FF8-43CB-93A8-E931B8EB6522}E:\program files (x86)\race driver grid\grid.exe" = protocol=6 | dir=in | app=e:\program files (x86)\race driver grid\grid.exe |
"TCP Query User{64BCFD8D-4DA4-4C20-B6BE-033F6D116977}E:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{8951013E-D483-420B-94DE-FF23B42CE50C}E:\program files (x86)\wot\worldoftanks.exe" = protocol=6 | dir=in | app=e:\program files (x86)\wot\worldoftanks.exe |
"UDP Query User{B0E473F2-9EAC-4711-B826-1F79DAB180C2}E:\program files (x86)\wot\worldoftanks.exe" = protocol=17 | dir=in | app=e:\program files (x86)\wot\worldoftanks.exe |
"UDP Query User{B7661D5C-B58C-42F8-BE13-00843CEFF06C}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe" = protocol=17 | dir=in | app=e:\program files\adobe\adobe after effects cs6\support files\afterfx.exe |
"UDP Query User{C52D0E31-9D09-41B6-9808-3E118359693A}E:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{C73D698C-ECC4-465A-B8BD-4B3A856210F8}E:\program files (x86)\race driver grid\grid.exe" = protocol=17 | dir=in | app=e:\program files (x86)\race driver grid\grid.exe |
"UDP Query User{F5DE12DF-3453-40D8-A8CD-9A20884A823B}E:\program files (x86)\wot\wotlauncher.exe" = protocol=17 | dir=in | app=e:\program files (x86)\wot\wotlauncher.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}" = AMD Catalyst Install Manager
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{2E8540C0-E871-4ACB-91FD-61DDA856578E}_is1" = particleIllusion v1.04 for After Effects
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65CB9F89-D702-0D9C-47EA-ABC772466642}" = ccc-utility64
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7BC4167C-BD93-55BD-3C97-53D49764B89E}" = ccc-utility64
"{7DF39B3F-E4C4-9FAF-229B-863F12AB405C}" = AMD Drag and Drop Transcoding
"{81F9BAD3-8695-87CE-F7FB-E0C2DAE248E8}" = AMD Media Foundation Decoders
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{93CC7ABC-A87B-6AB2-9E6D-073B5FF2A794}" = AMD Accelerated Video Transcoding
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A27FDB06-60C8-4D5A-BB2F-8038FD151E3C}" = Trapcode Suite 64-bit
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B7765C3D-27EE-4AA8-BB54-D88285D128A0}" = Effects Suite 64-bit
"{BE090376-7EC6-3760-1EE2-B08AE3BEEF8C}" = AMD Fuel
"{C6A6C665-F8D7-4CAD-942A-5D2A5C8F5133}" = Keying Suite 64-bit
"{D376D654-CBBB-4601-8496-D1A54D4D80EA}" = Magic Bullet Suite 64-bit
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"{FD1069BB-3DD7-A65E-8D35-457178205828}" = AMD Fuel
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GenArts Sapphire AE_is1" = GenArts Sapphire Plug-ins 7.02 for After Effects and Compatible
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Windows Movie Maker" = Windows Movie Maker
"WinRAR archiver" = WinRAR 4.20 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{02FCB110-08FE-EE9E-8106-BF41B7F24EAA}" = CCC Help German
"{036A2AC2-5514-1499-8F0E-48009132658F}" = CCC Help Portuguese
"{0685213E-9FF3-1368-37E3-5CECB5A0708C}" = CCC Help Russian
"{07CD994D-2144-41B9-5C2C-A85B40EBBA51}" = CCC Help Finnish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite
"{0E5A1A36-48B1-1F06-288C-E10B72B5E6AD}" = CCC Help French
"{0F747F46-57A0-6CD3-A234-BD4E46F2BFEB}" = CCC Help Polish
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18B94876-310B-AF53-F881-7464E7E3E200}" = CCC Help Czech
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1EB8D6DC-DA9E-837D-C31A-0FCE20E1EF76}" = Catalyst Control Center Localization All
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{295E13D5-2CCE-C01B-4E21-F41F543CF2C2}" = CCC Help Spanish
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{384E9F9A-4E8C-562C-E6D1-E494F9CADF7C}" = CCC Help Korean
"{3A3ED943-EE4C-F71F-293B-19DE57DA59F7}" = Catalyst Control Center Localization All
"{3C249872-D97C-62F9-A3E2-F7AAAC07BEF8}" = CCC Help Chinese Traditional
"{3F42232F-EC8D-E1D3-CAD1-1B402F109D4C}" = CCC Help Dutch
"{407B3E09-9CDC-38F6-A6CB-16DB4B6A96B0}" = CCC Help Swedish
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{45B2C1A3-2050-0BC1-0A90-50EB4A7E77A8}" = CCC Help Turkish
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4BB8B7F6-726B-2301-DD5A-067F95A8A48F}" = CCC Help German
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{528270B1-D447-4818-AA2B-06326A6B5985}" = mb Software ArCon 6 Czech
"{528EFF5D-2209-B614-40C0-5D87F73F3E8D}" = CCC Help French
"{53C09642-6FC9-37BD-BEB5-70D04B1C94A9}" = AMD VISION Engine Control Center
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57BDAFA7-14F8-BE66-062A-B239B0B4CC14}" = CCC Help Italian
"{58DC8822-E621-D6A1-96B7-3252684A0255}" = Catalyst Control Center InstallProxy
"{58ECCB6B-73FB-CBBA-42FC-91659DFA342C}" = CCC Help Chinese Standard
"{593C189C-E257-5065-7190-D4AC5D35E743}" = CCC Help Turkish
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64FB743D-7B5A-9408-0CF5-09FBABE5C2E5}" = CCC Help Thai
"{6547BC5F-1FC4-CD5D-3783-45370C980043}" = AMD VISION Engine Control Center
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{752EEDEB-8605-8E51-2135-48AF996C8DFC}" = CCC Help English
"{784D940E-A14C-45C1-8554-1BAD248679A3}_is1" = Race Driver GRID verze 1.3
"{7889B25D-701C-8EB5-50BA-A14BBB9B3BE5}" = CCC Help Norwegian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84042D38-8170-AB81-C179-C5D779A04899}" = CCC Help Portuguese
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8ADB9927-E5C4-CDF6-6730-96A09D4E2C89}" = Catalyst Control Center InstallProxy
"{8B29685B-F8C7-6C56-E6D1-EDC70FC26B78}" = Catalyst Control Center InstallProxy
"{8D962C94-3D7C-2163-B37E-9CB48B7D1DCD}" = CCC Help Dutch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{944B1085-FC85-AB0D-B614-D50F7FCC3241}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD71978-3576-C6E9-8C1D-7EDCF065A8BD}" = CCC Help Korean
"{9BA60F32-581E-EAC1-3B77-71A48FDF66FF}" = CCC Help Japanese
"{9BB07036-9BB9-B632-0DD6-0877E33E0DB6}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6F818D2-85B7-84E2-C33C-8E74D747AD55}" = CCC Help Greek
"{AB3655B1-D498-22B1-25DB-61293AE0552B}" = CCC Help Danish
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI - Czech
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4A7BDC1-C00A-3A19-03BD-BD85E62F4EBA}" = CCC Help Greek
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8230940-0DCC-E180-5744-4442F6C0CA28}" = CCC Help Thai
"{B8D60BC3-26C0-4D01-A5A0-D70BC9E05CFF}" = TILER 1.0 CZ - LB
"{B955CEF3-545F-DBCA-2CD2-3EE448F140DF}" = CCC Help Polish
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C123749C-23EC-62DB-A5FD-1ED5BC359AAF}" = CCC Help Japanese
"{C218AFCB-7EAB-FEC3-6552-FF090B3FD0A1}" = CCC Help Czech
"{C533DBF1-3A98-5D7D-B6CA-59CC1816F38C}" = CCC Help Italian
"{CE1598B5-B154-8280-6711-975F385A951B}" = CCC Help Finnish
"{D29491A3-BA85-F712-5C8D-B7E6803FEAD7}" = CCC Help Hungarian
"{D91570DC-2B63-1850-57D6-E7185C552718}" = CCC Help Chinese Standard
"{D9A1A69D-D788-12C5-3218-64EFB8C6ACFD}" = Catalyst Control Center Graphics Previews Common
"{DCEBBFA8-E3AB-D0FF-83CD-50C294166FBE}" = CCC Help Russian
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E745587A-2ED8-BA64-680E-BC35BE223275}" = CCC Help Danish
"{E809AF5A-DE37-0455-021A-8C4E769D5C18}" = Catalyst Control Center Graphics Previews Common
"{EA92CB68-9667-343A-1F53-B039583F2A3A}" = Catalyst Control Center InstallProxy
"{EC6004A3-B6E7-9728-55E8-508ABE51798F}" = CCC Help Norwegian
"{EDAA1085-C196-29B1-48B0-B82B72114001}" = CCC Help Swedish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F7A502C1-0568-CC04-E811-6BA863B26CE9}" = CCC Help Spanish
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE2EC31F-BDE7-322B-DDE7-F7792C22631B}" = CCC Help English
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"Databáze pro TILER : JaS 2013_is1" = Databáze pro TILER : JaS 2013
"Databáze pro TILER : LB 01-2009_is1" = Databáze pro TILER : LB 01-2009
"Databáze pro TILER : LB 02-2011_is1" = Databáze pro TILER : LB 02-2011
"Databáze pro TILER : LB 04-2013_is1" = Databáze pro TILER : LB 04-2013
"Databáze pro TILER : Marazzi 10-2011_is1" = Databáze pro TILER : Marazzi 10-2011
"Databáze pro TILER : Opoczno 09-2011_is1" = Databáze pro TILER : Opoczno 09-2011
"Drakensang Online" = Drakensang Online
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A27FDB06-60C8-4D5A-BB2F-8038FD151E3C}" = Trapcode Suite 64-bit
"InstallShield_{B7765C3D-27EE-4AA8-BB54-D88285D128A0}" = Effects Suite 64-bit
"InstallShield_{B8D60BC3-26C0-4D01-A5A0-D70BC9E05CFF}" = TILER 1.0 CZ - LB
"InstallShield_{C6A6C665-F8D7-4CAD-942A-5D2A5C8F5133}" = Keying Suite 64-bit
"InstallShield_{D376D654-CBBB-4601-8496-D1A54D4D80EA}" = Magic Bullet Suite 64-bit
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.7.0
"Mozilla Firefox 22.0 (x86 cs)" = Mozilla Firefox 22.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need For Speed Most Wanted SK" = Need For Speed Most Wanted SK
"Nokia Suite" = Nokia Suite
"Resident Evil Revelations_is1" = Resident Evil Revelations
"SP_4e24eecb" = Search Assistant WebSearch 1.74
"SP_703c874a" = SaveShare 1.74
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Tombraider_is1" = Tombraider
"Twixtor 5, After Effects-compatible plugin set" = Twixtor 5, After Effects-compatible plugin set
"Winstep Xtreme_is1" = Nexus 12.2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4.8.2013 21:48:24 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program FL.exe verze 1.1.0.0 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: ef8 Čas
spuštění: 01ce917da5ac92b3 Čas ukončení: 24 Cesta k aplikaci: E:\Program Files (x86)\Image-Line\FL
Studio 11\FL.exe ID hlášení:
Error - 5.8.2013 1:25:19 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program GTAIV.exe verze 1.0.7.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
638 Čas spuštění: 01ce9197ece80474 Čas ukončení: 717 Cesta k aplikaci: E:\Program
Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe ID hlášení:
Error - 5.8.2013 2:47:55 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program iw5sp.exe verze 0.0.0.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
334 Čas spuštění: 01ce91a4a88e5a92 Čas ukončení: 12 Cesta k aplikaci: E:\Program Files
(x86)\Call of Duty- Modern Warfare 3\iw5sp.exe ID hlášení:
Error - 5.8.2013 3:16:05 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program GTAIV.exe verze 1.0.7.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
fb0 Čas spuštění: 01ce91a7e6f02016 Čas ukončení: 670 Cesta k aplikaci: E:\Program
Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe ID hlášení:
Error - 5.8.2013 6:29:32 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro D:\stahování z internetu\esetsmartinstaller_csy.exe
se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná
aplikací je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní
součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 6:55:56 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro D:\stahování z internetu\esetsmartinstaller_csy.exe
se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná
aplikací je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní
součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 6:55:59 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro D:\stahování z internetu\esetsmartinstaller_csy.exe
se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná
aplikací je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní
součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 6:56:00 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro D:\stahování z internetu\esetsmartinstaller_csy.exe
se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná
aplikací je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní
součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 6:57:37 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 12:18:21 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program RSITx64.exe verze 3.3.2.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
1654 Čas spuštění: 01ce91f6d304430b Čas ukončení: 2 Cesta k aplikaci: D:\stahování
z internetu\RSITx64.exe ID hlášení:
[ System Events ]
Error - 5.8.2013 16:11:30 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:13:38 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:13:38 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:13:38 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = D:\stahování z internetu
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
8,00 Gb Total Physical Memory | 4,84 Gb Available Physical Memory | 60,55% Memory free
16,00 Gb Paging File | 12,49 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,35 Gb Free Space | 44,43% Space Free | Partition Type: NTFS
Drive D: | 635,49 Gb Total Space | 600,25 Gb Free Space | 94,45% Space Free | Partition Type: NTFS
Drive E: | 198,36 Gb Total Space | 114,96 Gb Free Space | 57,95% Space Free | Partition Type: NTFS
Computer Name: DOMINIK-PC | User Name: dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2346373696-3514916518-1655548664-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00903D5C-2DB0-4D6B-998B-F2E17DB66EE2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0704A39B-ACDA-4CF0-A085-265882601B84}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0844FC0F-FC69-4361-A988-CDF2F43D68C3}" = rport=137 | protocol=17 | dir=out | app=system |
"{0911D98C-F72E-401B-9A18-AAB5760909DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{0DD7A4C5-AE0B-438E-A191-6600E58AC350}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A6B3481-6089-4BA8-9AF3-D01DA7183924}" = lport=139 | protocol=6 | dir=in | app=system |
"{1DDC92C4-FCC2-4288-8A30-58A07A0043FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{28BC43B8-CDEC-4B5B-96AE-E10502ABC267}" = lport=138 | protocol=17 | dir=in | app=system |
"{2FADC296-81C8-4C97-BE31-3BDFDE30057B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34F55FFC-538E-4ABB-ADE3-ED945CB07386}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38E9FEA7-9C04-4E60-9D26-A1123B95EDE5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{463FE417-A2C7-4E98-B29A-5120E9AA94F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{4E376EF8-2F41-484C-9505-B2979505D152}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{557DB1E5-4B9A-4F64-B304-902D12E0B774}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B79F43F-C704-40B5-9639-C75FD4863FFC}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE0BE59A-6D68-448C-8BF2-159AB3031740}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB54F9B6-43C6-4B1B-8E2D-89DE46A48E6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB3F2BC1-019A-4381-8778-553A2A64784F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E288DB29-458B-41CE-AD6D-F6197E057945}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA291BBC-53F2-43F9-B9DB-37AA3F8E499B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F7703335-D797-42D3-9237-5BF4294C63B1}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B95942-F2A4-4EA3-B05F-6AD02B940B98}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0243205B-A865-482A-8222-9B277424A7F0}" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{052A6E82-8C1D-46CE-96C1-C547AEFD0E41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A473A2C-15E5-471E-BE22-BC50725C8267}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3BE758E4-ED07-428E-9D2A-F0837F762882}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5823DB94-3CBE-4020-A754-DE76A304593E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{736258D1-EA67-4D0D-9380-0C3BD390FDDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7428BE53-06A8-4062-B346-A11685B0E3F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A9C769E-D898-4EFB-A616-A53A07DF5F2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{905C9CD7-C6BB-4F89-8F93-44CEE485D519}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92734778-BBFB-46DF-92C3-E8FE8D09F4E6}" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{9664591F-DF49-4084-9D58-45975654BBA2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{96BECE45-F7A0-4834-866E-A94F07B5452A}" = protocol=6 | dir=out | app=system |
"{A0F411E9-B36D-46A7-A883-BED063D41BD0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B262598F-120B-4A4F-B261-E0A0E7B7574B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3D6CB91-848A-451C-ABA7-013E3A032AFB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B9DC80D3-64E3-4AE5-93CC-F8B89E1328C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA69FF52-7829-4D2A-87E7-57529BDDBC3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6EB824A-F83D-42C5-AF67-888BFB57CDAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D01E16AB-C345-466E-BC6F-ACA120342242}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ECC68BF7-2D1F-4252-8E71-63914DBF1577}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{FCF70A30-5886-457E-B174-24B5AB307A0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE1B0557-63D7-4D27-861D-3FA542F405FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2A5A3AF1-2F18-4468-8164-81672C0E48B1}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe" = protocol=6 | dir=in | app=e:\program files\adobe\adobe after effects cs6\support files\afterfx.exe |
"TCP Query User{466DBF7A-675B-4E97-9109-74075251F756}E:\program files (x86)\wot\wotlauncher.exe" = protocol=6 | dir=in | app=e:\program files (x86)\wot\wotlauncher.exe |
"TCP Query User{53A815E0-9FF8-43CB-93A8-E931B8EB6522}E:\program files (x86)\race driver grid\grid.exe" = protocol=6 | dir=in | app=e:\program files (x86)\race driver grid\grid.exe |
"TCP Query User{64BCFD8D-4DA4-4C20-B6BE-033F6D116977}E:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{8951013E-D483-420B-94DE-FF23B42CE50C}E:\program files (x86)\wot\worldoftanks.exe" = protocol=6 | dir=in | app=e:\program files (x86)\wot\worldoftanks.exe |
"UDP Query User{B0E473F2-9EAC-4711-B826-1F79DAB180C2}E:\program files (x86)\wot\worldoftanks.exe" = protocol=17 | dir=in | app=e:\program files (x86)\wot\worldoftanks.exe |
"UDP Query User{B7661D5C-B58C-42F8-BE13-00843CEFF06C}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe" = protocol=17 | dir=in | app=e:\program files\adobe\adobe after effects cs6\support files\afterfx.exe |
"UDP Query User{C52D0E31-9D09-41B6-9808-3E118359693A}E:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{C73D698C-ECC4-465A-B8BD-4B3A856210F8}E:\program files (x86)\race driver grid\grid.exe" = protocol=17 | dir=in | app=e:\program files (x86)\race driver grid\grid.exe |
"UDP Query User{F5DE12DF-3453-40D8-A8CD-9A20884A823B}E:\program files (x86)\wot\wotlauncher.exe" = protocol=17 | dir=in | app=e:\program files (x86)\wot\wotlauncher.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}" = AMD Catalyst Install Manager
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{2E8540C0-E871-4ACB-91FD-61DDA856578E}_is1" = particleIllusion v1.04 for After Effects
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65CB9F89-D702-0D9C-47EA-ABC772466642}" = ccc-utility64
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7BC4167C-BD93-55BD-3C97-53D49764B89E}" = ccc-utility64
"{7DF39B3F-E4C4-9FAF-229B-863F12AB405C}" = AMD Drag and Drop Transcoding
"{81F9BAD3-8695-87CE-F7FB-E0C2DAE248E8}" = AMD Media Foundation Decoders
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{93CC7ABC-A87B-6AB2-9E6D-073B5FF2A794}" = AMD Accelerated Video Transcoding
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A27FDB06-60C8-4D5A-BB2F-8038FD151E3C}" = Trapcode Suite 64-bit
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B7765C3D-27EE-4AA8-BB54-D88285D128A0}" = Effects Suite 64-bit
"{BE090376-7EC6-3760-1EE2-B08AE3BEEF8C}" = AMD Fuel
"{C6A6C665-F8D7-4CAD-942A-5D2A5C8F5133}" = Keying Suite 64-bit
"{D376D654-CBBB-4601-8496-D1A54D4D80EA}" = Magic Bullet Suite 64-bit
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"{FD1069BB-3DD7-A65E-8D35-457178205828}" = AMD Fuel
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GenArts Sapphire AE_is1" = GenArts Sapphire Plug-ins 7.02 for After Effects and Compatible
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Windows Movie Maker" = Windows Movie Maker
"WinRAR archiver" = WinRAR 4.20 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{02FCB110-08FE-EE9E-8106-BF41B7F24EAA}" = CCC Help German
"{036A2AC2-5514-1499-8F0E-48009132658F}" = CCC Help Portuguese
"{0685213E-9FF3-1368-37E3-5CECB5A0708C}" = CCC Help Russian
"{07CD994D-2144-41B9-5C2C-A85B40EBBA51}" = CCC Help Finnish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite
"{0E5A1A36-48B1-1F06-288C-E10B72B5E6AD}" = CCC Help French
"{0F747F46-57A0-6CD3-A234-BD4E46F2BFEB}" = CCC Help Polish
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18B94876-310B-AF53-F881-7464E7E3E200}" = CCC Help Czech
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1EB8D6DC-DA9E-837D-C31A-0FCE20E1EF76}" = Catalyst Control Center Localization All
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{295E13D5-2CCE-C01B-4E21-F41F543CF2C2}" = CCC Help Spanish
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{384E9F9A-4E8C-562C-E6D1-E494F9CADF7C}" = CCC Help Korean
"{3A3ED943-EE4C-F71F-293B-19DE57DA59F7}" = Catalyst Control Center Localization All
"{3C249872-D97C-62F9-A3E2-F7AAAC07BEF8}" = CCC Help Chinese Traditional
"{3F42232F-EC8D-E1D3-CAD1-1B402F109D4C}" = CCC Help Dutch
"{407B3E09-9CDC-38F6-A6CB-16DB4B6A96B0}" = CCC Help Swedish
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{45B2C1A3-2050-0BC1-0A90-50EB4A7E77A8}" = CCC Help Turkish
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4BB8B7F6-726B-2301-DD5A-067F95A8A48F}" = CCC Help German
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{528270B1-D447-4818-AA2B-06326A6B5985}" = mb Software ArCon 6 Czech
"{528EFF5D-2209-B614-40C0-5D87F73F3E8D}" = CCC Help French
"{53C09642-6FC9-37BD-BEB5-70D04B1C94A9}" = AMD VISION Engine Control Center
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57BDAFA7-14F8-BE66-062A-B239B0B4CC14}" = CCC Help Italian
"{58DC8822-E621-D6A1-96B7-3252684A0255}" = Catalyst Control Center InstallProxy
"{58ECCB6B-73FB-CBBA-42FC-91659DFA342C}" = CCC Help Chinese Standard
"{593C189C-E257-5065-7190-D4AC5D35E743}" = CCC Help Turkish
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64FB743D-7B5A-9408-0CF5-09FBABE5C2E5}" = CCC Help Thai
"{6547BC5F-1FC4-CD5D-3783-45370C980043}" = AMD VISION Engine Control Center
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{752EEDEB-8605-8E51-2135-48AF996C8DFC}" = CCC Help English
"{784D940E-A14C-45C1-8554-1BAD248679A3}_is1" = Race Driver GRID verze 1.3
"{7889B25D-701C-8EB5-50BA-A14BBB9B3BE5}" = CCC Help Norwegian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84042D38-8170-AB81-C179-C5D779A04899}" = CCC Help Portuguese
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8ADB9927-E5C4-CDF6-6730-96A09D4E2C89}" = Catalyst Control Center InstallProxy
"{8B29685B-F8C7-6C56-E6D1-EDC70FC26B78}" = Catalyst Control Center InstallProxy
"{8D962C94-3D7C-2163-B37E-9CB48B7D1DCD}" = CCC Help Dutch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{944B1085-FC85-AB0D-B614-D50F7FCC3241}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD71978-3576-C6E9-8C1D-7EDCF065A8BD}" = CCC Help Korean
"{9BA60F32-581E-EAC1-3B77-71A48FDF66FF}" = CCC Help Japanese
"{9BB07036-9BB9-B632-0DD6-0877E33E0DB6}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6F818D2-85B7-84E2-C33C-8E74D747AD55}" = CCC Help Greek
"{AB3655B1-D498-22B1-25DB-61293AE0552B}" = CCC Help Danish
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI - Czech
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4A7BDC1-C00A-3A19-03BD-BD85E62F4EBA}" = CCC Help Greek
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8230940-0DCC-E180-5744-4442F6C0CA28}" = CCC Help Thai
"{B8D60BC3-26C0-4D01-A5A0-D70BC9E05CFF}" = TILER 1.0 CZ - LB
"{B955CEF3-545F-DBCA-2CD2-3EE448F140DF}" = CCC Help Polish
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C123749C-23EC-62DB-A5FD-1ED5BC359AAF}" = CCC Help Japanese
"{C218AFCB-7EAB-FEC3-6552-FF090B3FD0A1}" = CCC Help Czech
"{C533DBF1-3A98-5D7D-B6CA-59CC1816F38C}" = CCC Help Italian
"{CE1598B5-B154-8280-6711-975F385A951B}" = CCC Help Finnish
"{D29491A3-BA85-F712-5C8D-B7E6803FEAD7}" = CCC Help Hungarian
"{D91570DC-2B63-1850-57D6-E7185C552718}" = CCC Help Chinese Standard
"{D9A1A69D-D788-12C5-3218-64EFB8C6ACFD}" = Catalyst Control Center Graphics Previews Common
"{DCEBBFA8-E3AB-D0FF-83CD-50C294166FBE}" = CCC Help Russian
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E745587A-2ED8-BA64-680E-BC35BE223275}" = CCC Help Danish
"{E809AF5A-DE37-0455-021A-8C4E769D5C18}" = Catalyst Control Center Graphics Previews Common
"{EA92CB68-9667-343A-1F53-B039583F2A3A}" = Catalyst Control Center InstallProxy
"{EC6004A3-B6E7-9728-55E8-508ABE51798F}" = CCC Help Norwegian
"{EDAA1085-C196-29B1-48B0-B82B72114001}" = CCC Help Swedish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F7A502C1-0568-CC04-E811-6BA863B26CE9}" = CCC Help Spanish
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE2EC31F-BDE7-322B-DDE7-F7792C22631B}" = CCC Help English
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"Databáze pro TILER : JaS 2013_is1" = Databáze pro TILER : JaS 2013
"Databáze pro TILER : LB 01-2009_is1" = Databáze pro TILER : LB 01-2009
"Databáze pro TILER : LB 02-2011_is1" = Databáze pro TILER : LB 02-2011
"Databáze pro TILER : LB 04-2013_is1" = Databáze pro TILER : LB 04-2013
"Databáze pro TILER : Marazzi 10-2011_is1" = Databáze pro TILER : Marazzi 10-2011
"Databáze pro TILER : Opoczno 09-2011_is1" = Databáze pro TILER : Opoczno 09-2011
"Drakensang Online" = Drakensang Online
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A27FDB06-60C8-4D5A-BB2F-8038FD151E3C}" = Trapcode Suite 64-bit
"InstallShield_{B7765C3D-27EE-4AA8-BB54-D88285D128A0}" = Effects Suite 64-bit
"InstallShield_{B8D60BC3-26C0-4D01-A5A0-D70BC9E05CFF}" = TILER 1.0 CZ - LB
"InstallShield_{C6A6C665-F8D7-4CAD-942A-5D2A5C8F5133}" = Keying Suite 64-bit
"InstallShield_{D376D654-CBBB-4601-8496-D1A54D4D80EA}" = Magic Bullet Suite 64-bit
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.7.0
"Mozilla Firefox 22.0 (x86 cs)" = Mozilla Firefox 22.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need For Speed Most Wanted SK" = Need For Speed Most Wanted SK
"Nokia Suite" = Nokia Suite
"Resident Evil Revelations_is1" = Resident Evil Revelations
"SP_4e24eecb" = Search Assistant WebSearch 1.74
"SP_703c874a" = SaveShare 1.74
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Tombraider_is1" = Tombraider
"Twixtor 5, After Effects-compatible plugin set" = Twixtor 5, After Effects-compatible plugin set
"Winstep Xtreme_is1" = Nexus 12.2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4.8.2013 21:48:24 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program FL.exe verze 1.1.0.0 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: ef8 Čas
spuštění: 01ce917da5ac92b3 Čas ukončení: 24 Cesta k aplikaci: E:\Program Files (x86)\Image-Line\FL
Studio 11\FL.exe ID hlášení:
Error - 5.8.2013 1:25:19 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program GTAIV.exe verze 1.0.7.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
638 Čas spuštění: 01ce9197ece80474 Čas ukončení: 717 Cesta k aplikaci: E:\Program
Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe ID hlášení:
Error - 5.8.2013 2:47:55 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program iw5sp.exe verze 0.0.0.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
334 Čas spuštění: 01ce91a4a88e5a92 Čas ukončení: 12 Cesta k aplikaci: E:\Program Files
(x86)\Call of Duty- Modern Warfare 3\iw5sp.exe ID hlášení:
Error - 5.8.2013 3:16:05 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program GTAIV.exe verze 1.0.7.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
fb0 Čas spuštění: 01ce91a7e6f02016 Čas ukončení: 670 Cesta k aplikaci: E:\Program
Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe ID hlášení:
Error - 5.8.2013 6:29:32 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro D:\stahování z internetu\esetsmartinstaller_csy.exe
se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná
aplikací je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní
součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 6:55:56 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro D:\stahování z internetu\esetsmartinstaller_csy.exe
se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná
aplikací je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní
součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 6:55:59 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro D:\stahování z internetu\esetsmartinstaller_csy.exe
se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná
aplikací je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní
součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 6:56:00 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro D:\stahování z internetu\esetsmartinstaller_csy.exe
se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná
aplikací je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní
součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 6:57:37 | Computer Name = dominik-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe se nezdařilo. Chyba v souboru manifestu nebo
zásad na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí
součásti, která je již aktivní. Konfliktní součásti: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5.8.2013 12:18:21 | Computer Name = dominik-PC | Source = Application Hang | ID = 1002
Description = Program RSITx64.exe verze 3.3.2.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
1654 Čas spuštění: 01ce91f6d304430b Čas ukončení: 2 Cesta k aplikaci: D:\stahování
z internetu\RSITx64.exe ID hlášení:
[ System Events ]
Error - 5.8.2013 16:11:30 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:12:02 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:13:38 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:13:38 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
Error - 5.8.2013 16:13:38 | Computer Name = dominik-PC | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%1058
< End of report >
- Rudy
- Site Admin
- Posts: 119528
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: bitcoiner virus
Run OTL again, copy the following into the lower white box and click >Opravit< (Fix). When the action finishes, a log will be displayed; copy it here.
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchesplace.info/?l= ... Z&unqvl=30
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchesplace.info/?pi ... Z&unqvl=30
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{936EBED9-5294-4096-8258-1A7EE65FCFCC}: "URL" =
E - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{B102FA15-A8F4-4A9A-AD3A-1D72375CCEFA}: "URL" = http://www.mysearchresults.com/search?c ... earchTerms}
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchesplace.info/?l= ... Z&unqvl=30
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\..\SearchScopes\{CC466DE6-EA26-417A-9B6D-EB0FA29775C3}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=2620ADE4-1C77-47ED-AC6B-1EE53437364A&apn_sauid=933AE526-7C61-404E-BC94-3F2516216B94
IE - HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://websearch.searchesplace.info/?pi ... =30&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.searchesplace.info/?pi ... =30&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:66BB1E73
@Alternate Data Stream - 1143 bytes -> C:\ProgramData\Microsoft:oSClbidpucKhLVdkzXxmUEScc
@Alternate Data Stream - 1026 bytes -> C:\ProgramData\Microsoft:nQLbaVX5ngJZNEpetyEjGy1p
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 46
- Joined: 10 Apr 2011 08:41
Re: bitcoiner virus
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
HKEY_USERS\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{936EBED9-5294-4096-8258-1A7EE65FCFCC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{936EBED9-5294-4096-8258-1A7EE65FCFCC}\ not found.
Registry key HKEY_USERS\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CC466DE6-EA26-417A-9B6D-EB0FA29775C3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC466DE6-EA26-417A-9B6D-EB0FA29775C3}\ not found.
HKU\S-1-5-21-2346373696-3514916518-1655548664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "WebSearch" removed from browser.search.defaultenginename
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "http://websearch.searchesplace.info/?pi ... =30&l=1&q=" removed from browser.search.defaulturl
Prefs.js: "WebSearch" removed from browser.search.order.1
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Prefs.js: "http://websearch.searchesplace.info/?pi ... =30&l=1&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
ADS C:\ProgramData\TEMP:66BB1E73 deleted successfully.
ADS C:\ProgramData\Microsoft:oSClbidpucKhLVdkzXxmUEScc deleted successfully.
ADS C:\ProgramData\Microsoft:nQLbaVX5ngJZNEpetyEjGy1p deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dominik
->Temp folder emptied: 12775196 bytes
->Temporary Internet Files folder emptied: 1172142 bytes
->Java cache emptied: 13140151 bytes
->FireFox cache emptied: 365159968 bytes
->Flash cache emptied: 64342 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27318 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 374,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: dominik
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: dominik
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 08052013_231228
Files\Folders moved on Reboot...
C:\Users\dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\dominik\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
- Visitor
- Posts: 46
- Joined: 10 Apr 2011 08:41
Re: bitcoiner virus
Are we going to do anything else?
- Rudy
- Site Admin
- Posts: 119528
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: bitcoiner virus
Has anything changed?