PC disinfection, computer speed-up, remote assistance via the neslape.cz service

7go malware

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

NEW!
A remote-assistance service is now available: a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Author: Petr Špatenka
Visitor
Posts: 9
Registered: 13 Dec 2013 22:26

7go malware

#1 Post by Petr Špatenka

Hi,

we've had this 7go on the PC for some time now and we somehow can't get rid of it. Ad windows keep popping up in Firefox. So I'd like to ask for help, and I would certainly reward you afterwards as requested.
All the SpyHunters etc. are of course detection-only and therefore useless :(
Thanks in advance
Petr

Log

Logfile of random's system information tool 1.09 (written by random/random)
Run by Muflon at 2013-12-13 22:33:24
Microsoft Windows 7 Ultimate
System drive C: has 33 GB (7%) free of 477 GB
Total RAM: 4095 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:34:47, on 13.12.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Muflon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= ... bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= ... bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= ... e&tid=2958
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CrossriderApp0035510 - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Nástroj WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10173 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /ELEVATED
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"
"C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe"
"C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Users\Muflon\Downloads\RSITX64.EXE"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cec44755b7739f.job
C:\Windows\tasks\iWebar-chromeinstaller.job
C:\Windows\tasks\iWebar-codedownloader.job
C:\Windows\tasks\iWebar-enabler.job
C:\Windows\tasks\iWebar-firefoxinstaller.job
C:\Windows\tasks\iWebar-updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.tb.ask.com/search/GGmain. ... searchfor="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Nero.com/KM]
"Description"=
"Path"=C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
Web Search.xml

C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\
2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com

C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\searchplugins\
ask-web-search.xml
askcom.xml
Web Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}]
iWebar - C:\Program Files (x86)\iWebar\iWebar-bho64.dll [2013-12-11 969072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-12-09 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09 6270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}]
iWebar - C:\Program Files (x86)\iWebar\iWebar-bho.dll [2013-12-11 641392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-12-09 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-12-09 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-12-09 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2013-10-22 2777736]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2013-10-22 3684488]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"AutoKMS"=C:\Windows\AutoKMS.exe [2013-11-03 615936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2013-11-05 4287536]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [2012-12-04 773728]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe []
"NeroCheck"=C:\Windows\system32\NeroCheck.exe []
"PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2012-09-25 724576]
"Nástroj WD Drive Unlocker"=C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [2012-06-13 1688008]
"!AVG Anti-Spyware"=C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-12-09 3568312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-12-13 22:33:24 ----D---- C:\rsit
2013-12-13 22:33:24 ----D---- C:\Program Files\trend micro
2013-12-11 16:55:45 ----D---- C:\Program Files (x86)\SysPlayer
2013-12-11 16:54:47 ----D---- C:\Program Files (x86)\iWebar
2013-12-11 16:53:11 ----D---- C:\Users\Muflon\AppData\Roaming\BitTorrent
2013-12-09 17:23:43 ----D---- C:\Users\Muflon\AppData\Roaming\AVAST Software
2013-12-09 17:22:05 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-12-09 17:22:05 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-12-09 17:22:05 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-12-09 17:22:04 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-12-09 17:22:04 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-12-09 17:22:04 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-12-09 17:22:03 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-12-09 17:22:03 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-12-09 17:21:51 ----A---- C:\Windows\avastSS.scr
2013-11-27 18:13:17 ----D---- C:\Program Files (x86)\Drogerie TETA
2013-11-22 19:18:17 ----D---- C:\Program Files (x86)\dm
2013-11-16 14:20:43 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-12-13 22:33:36 ----D---- C:\Windows\Prefetch
2013-12-13 22:33:27 ----D---- C:\Windows\temp
2013-12-13 22:33:24 ----RD---- C:\Program Files
2013-12-13 18:53:42 ----D---- C:\video
2013-12-12 17:57:31 ----D---- C:\ProgramData\Spyware Terminator
2013-12-12 09:34:50 ----D---- C:\Windows\system32\catroot2
2013-12-11 16:56:00 ----D---- C:\Windows\system32\Tasks
2013-12-11 16:55:57 ----D---- C:\Program Files\Common Files\System
2013-12-11 16:55:45 ----RD---- C:\Program Files (x86)
2013-12-11 16:55:25 ----D---- C:\Windows\Tasks
2013-12-11 11:45:16 ----D---- C:\Windows\SysWOW64
2013-12-11 11:45:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-12-09 18:45:44 ----D---- C:\Windows\system32\config
2013-12-09 17:28:35 ----SHD---- C:\Windows\Installer
2013-12-09 17:28:02 ----D---- C:\ProgramData
2013-12-09 17:26:44 ----D---- C:\Windows\system32\DriverStore
2013-12-09 17:26:44 ----D---- C:\Windows\system32\drivers
2013-12-09 17:26:44 ----D---- C:\Windows\system32\catroot
2013-12-09 17:26:44 ----D---- C:\Windows\inf
2013-12-09 17:22:01 ----D---- C:\Windows\winsxs
2013-12-09 17:22:00 ----D---- C:\Windows
2013-12-09 17:21:51 ----A---- C:\Windows\system32\aswBoot.exe
2013-12-09 17:17:08 ----SHD---- C:\System Volume Information
2013-12-09 17:16:16 ----D---- C:\ProgramData\AVAST Software
2013-12-04 13:29:53 ----D---- C:\ProgramData\CanonIJPLM
2013-12-02 19:24:33 ----D---- C:\Users\Muflon\AppData\Roaming\BSplayer PRO
2013-12-01 19:49:52 ----D---- C:\ProgramData\tmp
2013-11-30 19:30:09 ----D---- C:\Windows\System32
2013-11-30 19:30:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-29 13:40:17 ----D---- C:\Windows\system32\wdi
2013-11-28 13:38:57 ----D---- C:\ProgramData\hps
2013-11-17 01:18:20 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 17:44:30 ----D---- C:\Program Files (x86)\Mozilla Firefox.bak

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-12-09 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-12-09 205320]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-03-06 22600]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-12-09 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-12-09 1032416]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-12-09 409832]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-12-09 65264]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys [2007-05-30 12024]
R1 AvgAsC64;AVG Anti-Spyware Clean Driver; C:\Windows\System32\DRIVERS\AvgAsC64.sys [2007-05-30 14072]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-02 283200]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-12-09 38984]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-12-09 84328]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2013-11-03 51496]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 5020672]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2012-06-13 14464]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-09 50344]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-09-25 474208]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2013-10-22 1149104]
R2 WDDriveService;WD Drive Manager; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-06 248248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-16 119408]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119532
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 7go malware

#2 Post by Rudy »

Hello!
How do things stand with the legality of your operating system?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


After your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Petr Špatenka
Visitor
Posts: 9
Registered: 13 Dec 2013 22:26

Re: 7go malware

#3 Post by Petr Špatenka »

Well, I hope it is fine. A colleague from work installed it.

Rudy
Site Admin
Posts: 119532
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 7go malware

#4 Post by Rudy »

OK. Post the OTL logs:

Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop

If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
If you are using a 64-bit OS, check that the "64-bit OS" box is ticked; if not, tick it
Tick the "All users" box
Tick the "LOP check" box
Tick the "Purity check" box
Change the file age from 30 days to 7 days
Paste the script below into the lower "Custom scans/fixes" box
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
Click the Scan button
After the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; post both of them here

Petr Špatenka
Visitor
Posts: 9
Registered: 13 Dec 2013 22:26

Re: 7go malware

#5 Post by Petr Špatenka »

Thanks
OTL log

OTL logfile created on: 14.12.2013 12:11:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Muflon\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,73% Memory free
8,00 Gb Paging File | 6,10 Gb Available in Paging File | 76,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 31,90 Gb Free Space | 6,85% Space Free | Partition Type: NTFS
Drive H: | 931,48 Gb Total Space | 724,33 Gb Free Space | 77,76% Space Free | Partition Type: NTFS

Computer Name: MUMACHINE | User Name: Muflon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.12.14 12:08:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Muflon\Desktop\OTL.exe
PRC - [2013.12.09 17:21:49 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.12.09 17:21:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.11.16 14:20:50 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.11.05 20:47:35 | 004,287,536 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.10.22 09:17:10 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2013.10.22 09:17:02 | 002,777,736 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2013.10.09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.12.04 17:20:52 | 000,773,728 | ---- | M] (ZONER software) -- C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
PRC - [2012.09.25 18:57:30 | 000,474,208 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.09.25 18:52:20 | 000,724,576 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012.09.06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.13 16:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2012.05.23 07:00:00 | 003,791,824 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.06.11 10:25:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007.05.30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe


========== Modules (No Company Name) ==========

MOD - [2013.12.09 17:21:50 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013.12.04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013.12.04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013.12.04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013.12.04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013.12.04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013.11.16 14:20:50 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.11.05 20:47:35 | 004,287,536 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013.12.09 17:21:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.12.11 11:45:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.11.16 14:20:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.22 09:17:18 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2013.10.09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.01.08 11:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.25 18:57:30 | 000,474,208 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.09.06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.05.30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.12.09 17:21:52 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.12.09 17:21:52 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.12.09 17:21:52 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.12.09 17:21:52 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.12.09 17:21:52 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.12.09 17:21:52 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.12.09 17:21:52 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.12.09 17:21:51 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.11.03 19:08:58 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013.03.06 23:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.11.02 17:41:06 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.06.13 16:51:42 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.05.30 13:10:42 | 000,014,072 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AvgAsC64.sys -- (AvgAsC64)
DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.05.30 13:10:42 | 000,012,024 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys -- (AVG Anti-Spyware Driver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certified-toolbar.com?si= ... earchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certified-toolbar.com?si= ... earchTerms}
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... cale=en_EU
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: 7go%407go.com:1.0.0.1
FF - prefs.js..extensions.enabledAddons: 2eb528f3-950d-48a3-be4b-5d7de6c8331e%40a41e199b-6ca4-4d23-ab87-73f2d1973314.com:0.93.174
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://search.tb.ask.com/search/GGmain. ... searchfor="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.12.09 17:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.06.11 20:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muflon\AppData\Roaming\Mozilla\Extensions
[2013.12.12 17:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions
[2013.12.12 17:57:19 | 000,000,000 | ---D | M] ("iWebar") -- C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com
[2013.12.13 11:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData
[2013.12.13 11:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins
[2013.12.13 11:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\userCode
[2013.10.08 09:37:00 | 000,161,536 | ---- | M] () (No name found) -- C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\7go@7go.com.xpi
[2013.07.24 18:00:56 | 000,009,624 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\searchplugins\ask-web-search.xml
[2010.12.20 10:44:24 | 000,002,254 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\searchplugins\askcom.xml
[2012.11.20 22:05:46 | 000,003,269 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\searchplugins\Web Search.xml
[2013.11.16 14:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.11.16 14:20:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.11.16 14:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.11.16 14:20:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.11.16 14:20:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.11.20 22:05:46 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Dokumenty Google = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: iWebar = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\crossrider
CHR - Extension: iWebar = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: avast! Online Security = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Skype Click to Call = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.09.13 20:04:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (iWebar) - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll (iWebar)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (iWebar) - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho.dll (iWebar)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe ()
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Nástroj WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe (ZONER software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E749FD25-7805-4D84-8E9B-4370AA6C644B}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.11.03 17:44:22 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.mp4e - C:\Windows\SysWow64\MPEG4Evfw.dll ()
Drivers32: vidc.pDAD - C:\Windows\SysWow64\prodad-codec.dll (proDAD GmbH)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.12.14 12:08:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Muflon\Desktop\OTL.exe
[2013.12.13 22:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.12.13 22:33:24 | 000,000,000 | ---D | C] -- C:\rsit
[2013.12.11 16:56:04 | 000,000,000 | ---D | C] -- C:\Users\Muflon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysPlayer
[2013.12.11 16:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SysPlayer
[2013.12.11 16:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWebar
[2013.12.11 16:54:25 | 000,000,000 | ---D | C] -- C:\Users\Muflon\AppData\Local\CrashRpt
[2013.12.11 16:53:11 | 000,000,000 | ---D | C] -- C:\Users\Muflon\AppData\Roaming\BitTorrent
[2013.12.09 17:23:43 | 000,000,000 | ---D | C] -- C:\Users\Muflon\AppData\Roaming\AVAST Software
[2013.12.09 17:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013.12.09 17:22:05 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.12.09 17:22:04 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.12.09 17:22:04 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.12.09 17:22:04 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.12.09 17:22:03 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.12.09 17:22:03 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.12.09 17:21:51 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.12.14 12:16:07 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.12.14 12:08:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Muflon\Desktop\OTL.exe
[2013.12.14 12:07:41 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cec44755b7739f.job
[2013.12.14 11:46:27 | 001,575,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.14 11:46:27 | 000,665,706 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.12.14 11:46:27 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.14 11:46:27 | 000,139,402 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.12.14 11:46:27 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.14 11:45:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.14 11:44:48 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.14 11:44:48 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.14 11:39:44 | 000,001,464 | ---- | M] () -- C:\Windows\tasks\iWebar-codedownloader.job
[2013.12.14 11:39:39 | 000,002,230 | ---- | M] () -- C:\Windows\tasks\iWebar-firefoxinstaller.job
[2013.12.14 11:39:39 | 000,001,364 | ---- | M] () -- C:\Windows\tasks\iWebar-enabler.job
[2013.12.14 11:39:37 | 000,002,164 | ---- | M] () -- C:\Windows\tasks\iWebar-chromeinstaller.job
[2013.12.14 11:39:36 | 000,001,562 | ---- | M] () -- C:\Windows\tasks\iWebar-updater.job
[2013.12.14 11:39:35 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.14 11:39:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.14 11:39:14 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.11 16:56:04 | 000,001,023 | ---- | M] () -- C:\Users\Muflon\Desktop\SysPlayer.lnk
[2013.12.11 16:54:25 | 000,000,873 | ---- | M] () -- C:\Users\Muflon\Desktop\BitTorrent.lnk
[2013.12.11 11:45:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.12.11 11:45:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.12.10 21:54:48 | 000,620,281 | ---- | M] () -- C:\Users\Muflon\Desktop\Andik.jpg
[2013.12.10 21:52:55 | 000,578,043 | ---- | M] () -- C:\Users\Muflon\Desktop\lampion2.jpg
[2013.12.10 21:52:06 | 000,316,144 | ---- | M] () -- C:\Users\Muflon\Desktop\lampion.jpg
[2013.12.10 21:50:09 | 001,136,220 | ---- | M] () -- C:\Users\Muflon\Desktop\Spacir3.jpg
[2013.12.10 21:48:58 | 000,459,358 | ---- | M] () -- C:\Users\Muflon\Desktop\Spacir2.jpg
[2013.12.10 21:47:49 | 000,838,392 | ---- | M] () -- C:\Users\Muflon\Desktop\Spacir1.jpg
[2013.12.09 17:22:23 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.12.09 17:21:52 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.12.09 17:21:52 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.12.09 17:21:52 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.12.09 17:21:52 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.12.09 17:21:52 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.12.09 17:21:52 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.12.09 17:21:52 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.12.09 17:21:51 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.12.09 17:21:51 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.12.09 17:21:51 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.12.14 12:16:07 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.12.11 16:56:04 | 000,001,023 | ---- | C] () -- C:\Users\Muflon\Desktop\SysPlayer.lnk
[2013.12.11 16:55:25 | 000,001,562 | ---- | C] () -- C:\Windows\tasks\iWebar-updater.job
[2013.12.11 16:55:20 | 000,001,364 | ---- | C] () -- C:\Windows\tasks\iWebar-enabler.job
[2013.12.11 16:55:15 | 000,001,464 | ---- | C] () -- C:\Windows\tasks\iWebar-codedownloader.job
[2013.12.11 16:54:59 | 000,002,230 | ---- | C] () -- C:\Windows\tasks\iWebar-firefoxinstaller.job
[2013.12.11 16:54:49 | 000,002,164 | ---- | C] () -- C:\Windows\tasks\iWebar-chromeinstaller.job
[2013.12.11 16:54:25 | 000,000,873 | ---- | C] () -- C:\Users\Muflon\Desktop\BitTorrent.lnk
[2013.12.10 21:54:43 | 000,620,281 | ---- | C] () -- C:\Users\Muflon\Desktop\Andik.jpg
[2013.12.10 21:52:53 | 000,578,043 | ---- | C] () -- C:\Users\Muflon\Desktop\lampion2.jpg
[2013.12.10 21:52:04 | 000,316,144 | ---- | C] () -- C:\Users\Muflon\Desktop\lampion.jpg
[2013.12.10 21:50:07 | 001,136,220 | ---- | C] () -- C:\Users\Muflon\Desktop\Spacir3.jpg
[2013.12.10 21:48:57 | 000,459,358 | ---- | C] () -- C:\Users\Muflon\Desktop\Spacir2.jpg
[2013.12.10 21:47:43 | 000,838,392 | ---- | C] () -- C:\Users\Muflon\Desktop\Spacir1.jpg
[2013.12.09 17:22:23 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.12.09 17:22:05 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.12.09 17:22:05 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.11.09 08:20:12 | 001,553,692 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.11.05 20:20:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013.11.05 20:19:36 | 000,061,208 | ---- | C] () -- C:\Windows\SysWow64\MPEG4E-uninstall.exe
[2013.11.03 20:53:06 | 000,615,936 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2013.11.03 20:53:06 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013.09.13 20:03:13 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2013.09.13 20:03:13 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2013.09.13 20:03:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2013.09.13 19:10:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.09.13 19:10:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.09.13 19:10:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.09.13 19:10:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.09.13 19:10:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.30 23:07:13 | 000,014,848 | ---- | C] () -- C:\Users\Muflon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.28 20:33:13 | 000,000,174 | ---- | C] () -- C:\Windows\ESTIMATE-SETTING.INI
[2012.12.28 20:33:13 | 000,000,160 | ---- | C] () -- C:\Windows\ALIGN-SETTING.INI
[2012.12.28 20:33:13 | 000,000,106 | ---- | C] () -- C:\Windows\LIMIT-SETTING.INI
[2012.11.20 22:05:49 | 000,015,432 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.08.28 19:44:37 | 000,000,291 | ---- | C] () -- C:\Users\Muflon\.jalbum-recent-projects.properties
[2012.08.28 18:36:18 | 000,000,482 | ---- | C] () -- C:\Users\Muflon\.jalbum-ftp-accounts.xml
[2012.08.28 17:40:29 | 000,004,316 | ---- | C] () -- C:\Users\Muflon\.jalbum-defaults.jap
[2012.06.14 20:03:15 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.10 19:41:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.19 10:50:21 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Ashampoo
[2013.12.09 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\AVAST Software
[2013.12.11 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\BitTorrent
[2013.12.02 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO
[2013.09.11 20:28:13 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\calibre
[2012.06.25 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Canon
[2012.11.02 17:42:33 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\DAEMON Tools Lite
[2013.10.08 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\File Scout
[2012.06.12 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\GHISLER
[2013.11.03 18:38:24 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Grisoft
[2012.08.28 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\JAlbum
[2012.08.28 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Jalbum AB
[2013.09.17 21:20:51 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\ObviousIdea
[2013.08.24 06:45:04 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\PerformerSoft
[2012.11.25 18:35:19 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\PhotoScape
[2013.09.12 19:58:44 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Posta
[2012.11.20 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Sony
[2013.08.23 18:36:24 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\SpeedAnalysis2
[2013.11.03 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Spyware Terminator
[2013.05.22 16:59:24 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\VitySoft
[2013.11.05 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\VSO
[2013.01.27 14:42:44 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Wargaming.net
[2012.12.28 20:57:07 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,596 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.11 20:57:09 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.07.04 11:16:00 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.10.08 17:56:30 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec44755b7739f.job
[2013.12.11 16:54:49 | 000,002,164 | ---- | C] () -- C:\Windows\Tasks\iWebar-chromeinstaller.job
[2013.12.11 16:54:59 | 000,002,230 | ---- | C] () -- C:\Windows\Tasks\iWebar-firefoxinstaller.job
[2013.12.11 16:55:15 | 000,001,464 | ---- | C] () -- C:\Windows\Tasks\iWebar-codedownloader.job
[2013.12.11 16:55:20 | 000,001,364 | ---- | C] () -- C:\Windows\Tasks\iWebar-enabler.job
[2013.12.11 16:55:25 | 000,001,562 | ---- | C] () -- C:\Windows\Tasks\iWebar-updater.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\ERDNT\cache64\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\SysNative\drivers\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[2236 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.06.10 20:56:59 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Adobe
[2013.08.22 21:58:26 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Apple Computer
[2013.03.19 10:50:21 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Ashampoo
[2013.12.09 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\AVAST Software
[2013.12.11 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\BitTorrent
[2013.12.02 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO
[2013.09.11 20:28:13 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\calibre
[2012.06.25 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Canon
[2012.11.02 17:42:33 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\DAEMON Tools Lite
[2013.10.08 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\File Scout
[2012.06.12 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\GHISLER
[2013.04.10 20:25:11 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Google
[2013.11.03 18:38:24 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Grisoft
[2012.09.08 14:00:06 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Identities
[2012.11.19 22:14:40 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\InstallShield
[2012.08.28 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\JAlbum
[2012.08.28 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Jalbum AB
[2012.06.10 19:50:35 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Macromedia
[2009.07.14 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Media Center Programs
[2013.11.09 08:31:27 | 000,000,000 | --SD | M] -- C:\Users\Muflon\AppData\Roaming\Microsoft
[2013.02.16 12:07:20 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Mozilla
[2012.09.16 22:01:36 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Nero
[2013.09.17 21:20:51 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\ObviousIdea
[2013.08.24 06:45:04 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\PerformerSoft
[2012.11.25 18:35:19 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\PhotoScape
[2013.09.12 19:58:44 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Posta
[2013.10.20 21:32:09 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Skype
[2012.11.20 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Sony
[2012.11.19 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Sony Corporation
[2013.08.23 18:36:24 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\SpeedAnalysis2
[2013.11.03 19:08:56 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Spyware Terminator
[2013.05.22 16:59:24 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\VitySoft
[2013.11.05 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\VSO
[2013.01.27 14:42:44 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Wargaming.net
[2012.06.11 20:34:57 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\WinRAR
[2012.12.28 20:57:07 | 000,000,000 | ---D | M] -- C:\Users\Muflon\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2013.12.11 16:54:25 | 001,137,240 | ---- | M] (BitTorrent Inc.) -- C:\Users\Muflon\AppData\Roaming\BitTorrent\BitTorrent.exe
[2013.12.11 16:54:25 | 001,137,240 | ---- | M] (BitTorrent Inc.) -- C:\Users\Muflon\AppData\Roaming\BitTorrent\updates\7.8.2_30265.exe
[2013.12.11 16:54:32 | 000,895,328 | ---- | M] (BitTorrent Inc.) -- C:\Users\Muflon\AppData\Roaming\BitTorrent\updates\7.8.2_30332.exe
[2009.08.11 20:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO\AC3 Filter\ac3config.exe
[2009.08.11 20:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO\AC3 Filter\spdif_test.exe
[2010.03.22 13:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO\AC3 Filter\unins000.exe
[2010.02.23 16:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO\FFDShow\unins000.exe
[2010.08.14 09:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO\Haali media splitter\dsmux.exe
[2010.08.14 09:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO\Haali media splitter\gdsmux.exe
[2010.08.14 09:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO\Haali media splitter\mkv2vfr.exe
[2010.09.30 14:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\BSplayer PRO\Haali media splitter\uninstall.exe
[2013.08.23 18:36:04 | 000,062,902 | ---- | M] () -- C:\Users\Muflon\AppData\Roaming\File Scout\uninst.exe
[2013.11.09 08:31:27 | 000,029,926 | R--- | M] () -- C:\Users\Muflon\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2013.11.09 08:34:44 | 000,405,504 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Muflon\AppData\Roaming\Microsoft\Installer\{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.12.14 12:45:05 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.12.14 11:39:35 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.12.14 12:07:41 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec44755b7739f.job
[2013.12.14 11:39:37 | 000,002,164 | ---- | M] () -- C:\Windows\Tasks\iWebar-chromeinstaller.job
[2013.12.14 11:39:44 | 000,001,464 | ---- | M] () -- C:\Windows\Tasks\iWebar-codedownloader.job
[2013.12.14 11:39:39 | 000,001,364 | ---- | M] () -- C:\Windows\Tasks\iWebar-enabler.job
[2013.12.14 11:39:39 | 000,002,230 | ---- | M] () -- C:\Windows\Tasks\iWebar-firefoxinstaller.job
[2013.12.14 11:39:36 | 000,001,562 | ---- | M] () -- C:\Windows\Tasks\iWebar-updater.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2012.04.17 16:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd)
"Pando Media Booster" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe -- [2013.11.05 20:47:35 | 004,287,536 | ---- | M] ()
"Zoner Photo Studio Autoupdate" = C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE -- [2012.12.04 17:20:52 | 000,773,728 | ---- | M] (ZONER software)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.11.16 14:20:50 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=077D59BA0FD4007E841B6C670862B065 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.07.14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) MD5=376A9B411BF8B77D5BF84B24D0C7DACD -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.12.14 12:16:07 | 000,000,512 | ---- | M] () MD5=71F853DD34F613707D9FF825B29CDE3B -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.08.17 12:10:48 | 000,000,122 | ---- | M] () -- \Program Files (x86)\Jalbum\skins\Turtle\styles\Cracking.css
[2011.10.05 14:35:40 | 000,000,206 | ---- | M] () -- \Program Files (x86)\Jalbum\skins\Turtle\styles\Cracking.jap
[2011.09.15 10:53:58 | 000,021,054 | ---- | M] () -- \Program Files (x86)\Jalbum\skins\Turtle\styles\Cracking.jpg
[2010.06.14 13:49:08 | 000,004,690 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFx\HfxXML\65 - Patriotic-FireCracker.png
[2010.06.14 13:49:08 | 000,005,254 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFx\HfxXML\70 - Foods-Crackers.png
[2010.06.22 05:19:14 | 000,000,736 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFx\HfxXML\Crackers.xml
[2010.06.22 05:19:16 | 000,000,756 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFx\HfxXML\FireCracker.xml
[2012.02.02 15:16:26 | 000,009,987 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFXV2\Base\RTFxFilters\Cracked Slab - Animated Slab.png
[2012.02.02 15:16:26 | 000,014,913 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFXV2\Base\RTFxFilters\Cracked Slab - Cracked Slab.png
[2012.02.02 15:16:26 | 000,012,305 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFXV2\Base\RTFxFilters\Cracked Slab - Horizontal Slab.png
[2012.02.02 15:16:26 | 000,012,608 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFXV2\Base\RTFxFilters\Cracked Slab - Red Slab.png
[2012.02.02 15:16:26 | 000,011,676 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFXV2\Base\RTFxFilters\Cracked Slab.png
[2011.10.21 12:18:12 | 000,009,561 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFXV2\Base\RTFxFilters\CrackedSlab3D.fxt
[2012.02.02 15:16:26 | 000,006,719 | ---- | M] () -- \Program Files (x86)\Pinnacle\Studio 16\plugins\RTFXV2\Base\RTFxFilters\Stained Glass - Big Crack.png
[2011.08.17 12:10:48 | 000,000,122 | ---- | M] () -- \Users\Muflon\AppData\Roaming\JAlbum\skins\Turtle\styles\Cracking.css
[2011.10.05 14:35:40 | 000,000,206 | ---- | M] () -- \Users\Muflon\AppData\Roaming\JAlbum\skins\Turtle\styles\Cracking.jap
[2011.09.15 10:53:58 | 000,021,054 | ---- | M] () -- \Users\Muflon\AppData\Roaming\JAlbum\skins\Turtle\styles\Cracking.jpg
[2013.05.22 16:59:26 | 000,005,369 | ---- | M] () -- \Users\Muflon\AppData\Roaming\VitySoft\FRD\plugins\crackle.frp
[2010.03.05 06:37:46 | 000,010,179 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Effects\65 - Patriotic\FireCracker.hfx
[2010.03.05 06:37:46 | 000,008,201 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Effects\70 - Foods\Crackers.hfx
[2010.03.05 06:45:04 | 001,543,882 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Food\Cracker.hfo
[2010.03.05 06:45:06 | 000,026,143 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker BAM.hfo
[2010.03.05 06:45:06 | 000,027,267 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker bottom.hfo
[2010.03.05 06:45:06 | 000,080,879 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker top.hfo
[2012.06.20 10:11:30 | 000,811,885 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX - Exploze a požáry\Fire Crackle.mp3
[2012.06.20 10:11:28 | 000,159,750 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Gag\Whip Crack Vx.mp3
[2012.06.20 10:11:28 | 000,159,750 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Gag\Whip Crack.mp3
[2012.06.20 10:11:30 | 000,115,740 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Hrající si děti\Bat Crack.mp3
[2012.06.20 10:11:28 | 000,077,918 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX - Sport\Baseball - Bat Cracking.mp3
[2012.06.20 10:11:30 | 003,020,460 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Zimní radovánky\Crackling Hearth.mp3

< *keygen* /s >
[2011.02.01 16:28:40 | 000,322,048 | ---- | M] () -- \Users\Muflon\Downloads\Google-SketchUp-Pro-7\Google SketchUp Pro 7\keygen.exe

< *loader* /s >
[2013.01.09 18:20:26 | 000,071,208 | ---- | M] () -- \Games\World_of_Tanks\PhysXLoader.dll
[2013.09.04 19:10:18 | 000,002,221 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\graphicspresetsloader.pyc
[2013.09.04 19:10:18 | 000,007,015 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\guicolorsloader.pyc
[2013.09.04 19:10:18 | 000,003,974 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\guisoundsloader.pyc
[2013.10.24 12:45:58 | 000,006,629 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\logindataloader.pyc
[2013.09.04 19:10:18 | 000,002,773 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\doc_loaders\windowsstoreddataloader.pyc
[2013.09.04 19:10:18 | 000,001,504 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\scaleform\framework\entities\abstract\loadermanagermeta.pyc
[2013.10.24 12:45:58 | 000,006,542 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\gui\scaleform\framework\managers\loaders.pyc
[2013.02.26 17:36:29 | 000,003,668 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\helpers\rssdownloader.pyc
[2013.09.04 19:10:18 | 000,006,907 | ---- | M] () -- \Games\World_of_Tanks\res\scripts\client\tutorial\loader.pyc
[2013.05.29 20:52:30 | 000,071,208 | ---- | M] () -- \Games\World_of_Tanks_CT\PhysXLoader.dll
[2013.05.29 20:52:30 | 000,003,668 | ---- | M] () -- \Games\World_of_Tanks_CT\res\scripts\client\helpers\rssdownloader.pyc
[2013.05.29 20:52:30 | 000,006,463 | ---- | M] () -- \Games\World_of_Tanks_CT\res\scripts\client\tutorial\loader.pyc
[2011.07.08 10:11:10 | 000,044,032 | R--- | M] () -- \Program Files (x86)\Calibre2\DLLs\PyISAPI_loader.dll
[2010.03.24 20:12:34 | 000,249,680 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010.03.24 20:12:34 | 000,018,264 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2012.11.23 14:20:00 | 000,343,040 | ---- | M] () -- \Program Files (x86)\dm\dm paradies foto\CWImageLoader0.dll
[2013.09.25 09:35:26 | 000,401,920 | ---- | M] () -- \Program Files (x86)\Drogerie TETA\Fotosvet TETA\CWImageLoader0.dll
[2013.09.25 09:35:26 | 000,401,920 | ---- | M] () -- \Program Files (x86)\Fotolab\Fotolab Fotosvet\CWImageLoader0.dll
[2008.11.13 09:38:28 | 000,004,176 | ---- | M] () -- \Program Files (x86)\Google\Google SketchUp 7\Resources\en-US\searching\ajax-loader.gif
[2008.11.13 09:39:18 | 000,000,500 | ---- | M] () -- \Program Files (x86)\Google\Google SketchUp 7\Tools\DynamicComponents\ruby\dcloader.rb
[2009.12.29 19:02:28 | 000,028,946 | ---- | M] () -- \Program Files (x86)\Google\Google SketchUp 7\Tools\WebTextures\webtextures_loader.rb
[2012.12.04 10:55:48 | 000,004,176 | ---- | M] () -- \Program Files (x86)\Google\Google SketchUp 8\Resources\en-US\searching\ajax-loader.gif
[2012.12.04 10:56:18 | 000,000,228 | ---- | M] () -- \Program Files (x86)\Google\Google SketchUp 8\Tools\AdvancedCameraTools\actloader.rb
[2012.12.04 10:55:48 | 000,000,513 | ---- | M] () -- \Program Files (x86)\Google\Google SketchUp 8\Tools\DynamicComponents\ruby\dcloader.rb
[2012.12.04 10:55:48 | 000,001,875 | ---- | M] () -- \Program Files (x86)\Google\Google SketchUp 8\Tools\ShadowStringsFix\shadowstringsfix_loader.rb
[2012.12.04 10:55:48 | 000,003,953 | ---- | M] () -- \Program Files (x86)\Google\Google SketchUp 8\Tools\SolarNorth\solarnorth_loader.rb
[2012.12.04 10:55:48 | 000,029,557 | ---- | M] () -- \Program Files (x86)\Google\Google SketchUp 8\Tools\WebTextures\webtextures_loader.rb
[2013.02.09 02:39:28 | 000,000,934 | ---- | M] () -- \Program Files (x86)\Google\Picasa3\runtime\gpuploader_main.fen
[2013.12.11 16:55:09 | 000,523,632 | ---- | M] () -- \Program Files (x86)\iWebar\iWebar-codedownloader.exe
[2010.01.28 10:24:20 | 000,003,208 | ---- | M] () -- \Program Files (x86)\Jalbum\skins\Galleria\styles\Dark\loader.gif
[2010.06.23 13:59:26 | 000,003,208 | ---- | M] () -- \Program Files (x86)\Jalbum\skins\Galleria\styles\Gray\loader.gif
[2010.01.28 10:24:22 | 000,003,208 | ---- | M] () -- \Program Files (x86)\Jalbum\skins\Galleria\styles\Light\loader.gif
[2010.06.23 14:40:46 | 000,003,208 | ---- | M] () -- \Program Files (x86)\Jalbum\skins\Galleria\styles\Red\loader.gif
[2012.09.25 18:53:18 | 000,370,784 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\PMBDownloader.exe
[2012.09.25 18:51:44 | 000,000,012 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\PMBDownloader.ver
[2012.09.25 18:51:44 | 000,000,012 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\PMBServiceUploader.ver
[2012.09.25 18:56:08 | 004,026,464 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\ServiceUploader.dll
[2012.09.25 18:53:20 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\de-DE\PMBDownloaderLOC.dll
[2012.03.13 17:42:36 | 000,037,375 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\de-DE\ServiceUploaderStrings.xml
[2012.09.25 18:53:20 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\en-US\PMBDownloaderLOC.dll
[2012.06.05 17:31:50 | 000,034,406 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\en-US\ServiceUploaderStrings.xml
[2012.04.18 17:45:28 | 000,034,069 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\en-US\zal\ServiceUploaderStrings.xml
[2012.09.25 18:53:22 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\es-ES\PMBDownloaderLOC.dll
[2012.03.13 17:42:36 | 000,037,748 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\es-ES\ServiceUploaderStrings.xml
[2012.09.25 18:53:22 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\fr-FR\PMBDownloaderLOC.dll
[2012.03.13 17:42:36 | 000,038,017 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\fr-FR\ServiceUploaderStrings.xml
[2012.09.25 18:53:24 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\it-IT\PMBDownloaderLOC.dll
[2012.04.18 17:03:28 | 000,036,539 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\it-IT\ServiceUploaderStrings.xml
[2012.09.25 18:53:18 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\ja-JP\PMBDownloaderLOC.dll
[2012.04.18 17:45:28 | 000,040,190 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\ja-JP\ServiceUploaderStrings.xml
[2012.09.25 18:53:24 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\ko-KR\PMBDownloaderLOC.dll
[2012.04.18 17:45:28 | 000,037,691 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\ko-KR\ServiceUploaderStrings.xml
[2012.09.25 18:53:26 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\nl-NL\PMBDownloaderLOC.dll
[2012.03.13 17:42:36 | 000,035,795 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\nl-NL\ServiceUploaderStrings.xml
[2012.09.25 18:53:32 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\pl-PL\PMBDownloaderLOC.dll
[2012.03.13 17:42:36 | 000,036,670 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\pl-PL\ServiceUploaderStrings.xml
[2012.09.25 18:53:26 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\pt-BR\PMBDownloaderLOC.dll
[2012.03.13 17:42:36 | 000,037,352 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\pt-BR\ServiceUploaderStrings.xml
[2012.09.25 18:53:28 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\ru-RU\PMBDownloaderLOC.dll
[2012.03.13 17:42:36 | 000,048,492 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\ru-RU\ServiceUploaderStrings.xml
[2012.09.25 18:53:28 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\sv-SE\PMBDownloaderLOC.dll
[2012.03.13 17:42:36 | 000,035,348 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\sv-SE\ServiceUploaderStrings.xml
[2012.09.25 18:53:30 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\zh-CN\PMBDownloaderLOC.dll
[2012.04.18 17:45:28 | 000,033,140 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\zh-CN\ServiceUploaderStrings.xml
[2012.09.25 18:53:30 | 000,009,824 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\zh-TW\PMBDownloaderLOC.dll
[2012.04.18 17:45:28 | 000,033,193 | ---- | M] () -- \Program Files (x86)\Sony\PlayMemories Home\Resources\zh-TW\ServiceUploaderStrings.xml
[2010.03.24 20:35:48 | 000,370,512 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2010.03.24 20:35:48 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2012.11.16 10:52:36 | 000,432,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSPluginLoader.exe
[2012.10.18 16:47:30 | 000,442,368 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 14:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSPluginLoader.exe
[2012.11.16 12:39:34 | 000,193,024 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPluginLoader.exe
[2012.12.04 17:20:18 | 000,103,520 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\8bfLoader.exe
[2012.12.04 17:20:32 | 000,017,504 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\WICLoader.exe
[2012.12.04 17:21:56 | 000,020,064 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program64\WICLoader.exe
[2011.11.17 14:50:34 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.12.04 16:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.12.04 16:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.12.04 16:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2010.04.13 08:39:32 | 000,003,208 | ---- | M] () -- \Stromy\www\Weby\HTML\Galerie\Sadba\album\res\loader.gif
[2010.04.13 08:39:32 | 000,003,208 | ---- | M] () -- \Stromy\www\Weby\HTML\Galerie\záloha\Sadba\album\res\loader.gif
[2013.03.19 20:15:17 | 000,010,819 | ---- | M] () -- \Stromy\Záloha webu 19.3.2013\www\components\com_jvotesystem\assistant\assets\images\ajax-loader.gif
[2013.03.19 20:15:18 | 000,003,561 | ---- | M] () -- \Stromy\Záloha webu 19.3.2013\www\components\com_jvotesystem\classes\loader.php
[2013.03.19 20:34:05 | 000,009,621 | ---- | M] () -- \Stromy\Záloha webu 19.3.2013\www\libraries\loader.php
[2013.03.19 20:31:33 | 000,000,584 | ---- | M] () -- \Stromy\Záloha webu 19.3.2013\www\media\system\images\mootree_loader.gif
[2013.03.19 20:31:24 | 000,006,278 | ---- | M] () -- \Stromy\Záloha webu 19.3.2013\www\media\system\js\uploader-uncompressed.js
[2013.03.19 20:31:25 | 000,005,024 | ---- | M] () -- \Stromy\Záloha webu 19.3.2013\www\media\system\js\uploader.js
[2013.03.19 20:31:21 | 000,010,222 | ---- | M] () -- \Stromy\Záloha webu 19.3.2013\www\media\system\swf\uploader.swf
[2011.11.17 14:50:34 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.12.04 16:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.12.04 16:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.12.04 16:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013.12.11 16:54:56 | 000,141,780 | ---- | M] () -- \Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\91_monetizationLoader.js.js
[2013.12.14 12:26:50 | 000,142,346 | ---- | M] () -- \Users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.174_0\extensionData\plugins\91_monetizationLoader.js.js
[2010.04.13 08:39:32 | 000,003,208 | ---- | M] () -- \Users\Muflon\AppData\Roaming\JAlbum\skins\Galleria\styles\Dark\loader.gif
[2010.04.13 08:39:32 | 000,003,208 | ---- | M] () -- \Users\Muflon\AppData\Roaming\JAlbum\skins\Galleria\styles\Light\loader.gif
[2013.12.05 10:21:58 | 000,142,346 | ---- | M] () -- \Users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\91_monetizationLoader.js.js
[2012.09.17 18:23:16 | 000,003,671 | ---- | M] () -- \Users\Muflon\Downloads\pokus\administrator\components\com_akeeba\akeeba\autoloader.php
[2012.09.15 18:12:16 | 000,008,750 | ---- | M] () -- \Users\Muflon\Downloads\pokus\administrator\components\com_phocadownload\assets\upload\uploader.js
[2012.09.15 18:21:40 | 000,002,513 | ---- | M] () -- \Users\Muflon\Downloads\pokus\administrator\components\com_phocagallery\libraries\loader.php
[2012.09.15 18:21:38 | 000,000,668 | ---- | M] () -- \Users\Muflon\Downloads\pokus\components\com_phocagallery\assets\js\highslide\graphics\loader.gif
[2012.09.15 18:21:38 | 000,000,673 | ---- | M] () -- \Users\Muflon\Downloads\pokus\components\com_phocagallery\assets\js\highslide\graphics\loader.white.gif
[2012.06.19 15:09:30 | 000,009,621 | ---- | M] () -- \Users\Muflon\Downloads\pokus\libraries\loader.php
[2012.06.19 15:09:30 | 000,000,584 | ---- | M] () -- \Users\Muflon\Downloads\pokus\media\system\images\mootree_loader.gif
[2012.06.19 15:09:30 | 000,006,278 | ---- | M] () -- \Users\Muflon\Downloads\pokus\media\system\js\uploader-uncompressed.js
[2012.06.19 15:09:30 | 000,005,024 | ---- | M] () -- \Users\Muflon\Downloads\pokus\media\system\js\uploader.js
[2012.06.19 15:09:30 | 000,010,222 | ---- | M] () -- \Users\Muflon\Downloads\pokus\media\system\swf\uploader.swf
[2012.09.05 20:23:38 | 000,001,497 | ---- | M] () -- \Users\Muflon\Downloads\pokus\templates\black_mamba_v11\images\searchbox_loader.gif
[2012.09.05 20:23:38 | 000,001,786 | ---- | M] () -- \Users\Muflon\Downloads\pokus\templates\black_mamba_v11\warp\config\images\loader.gif
[2012.09.05 20:24:56 | 000,001,497 | ---- | M] () -- \Users\Muflon\Downloads\pokus\templates\green_machine\images\searchbox_loader.gif
[2012.09.05 20:24:56 | 000,001,786 | ---- | M] () -- \Users\Muflon\Downloads\pokus\templates\green_machine\warp\config\images\loader.gif
[2013.04.10 20:18:19 | 000,000,500 | ---- | M] () -- \Users\Muflon\Downloads\Virtual\MODIFIED\@PROGRAMFILES@\Google\Google SketchUp 8\Tools\DynamicComponents\ruby\dcloader.rb
[2013.04.10 20:18:20 | 000,001,871 | ---- | M] () -- \Users\Muflon\Downloads\Virtual\MODIFIED\@PROGRAMFILES@\Google\Google SketchUp 8\Tools\ShadowStringsFix\shadowstringsfix_loader.rb
[2013.04.10 20:18:20 | 000,003,949 | ---- | M] () -- \Users\Muflon\Downloads\Virtual\MODIFIED\@PROGRAMFILES@\Google\Google SketchUp 8\Tools\SolarNorth\solarnorth_loader.rb
[2013.04.10 20:18:20 | 000,029,565 | ---- | M] () -- \Users\Muflon\Downloads\Virtual\MODIFIED\@PROGRAMFILES@\Google\Google SketchUp 8\Tools\WebTextures\webtextures_loader.rb
[2013.12.13 22:55:00 | 000,046,616 | ---- | M] () -- \Windows\Prefetch\IWEBAR-CODEDOWNLOADER.EXE-9E8E116B.pf
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2013.12.14 11:39:44 | 000,001,464 | ---- | M] () -- \Windows\Tasks\iWebar-codedownloader.job
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.26 19:40:31 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.26 19:40:31 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.26 19:40:31 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.26 19:40:31 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.26 19:40:31 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2009.07.14 06:37:37 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.14 06:37:37 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009.07.14 06:37:37 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009.07.14 06:37:37 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009.07.14 06:37:37 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2009.07.14 03:58:45 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009.07.14 03:58:45 | 000,641,088 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.efi_75834aa0
[2009.07.14 03:58:45 | 000,604,192 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.exe_75835076
[2009.07.14 03:58:45 | 000,557,136 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.efi_85cd069f
[2009.07.14 03:58:45 | 000,518,352 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.26 19:38:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 03:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.09.17 18:23:17 | 000,003,671 | ---- | M] () -- \xampp\htdocs\archive\joomla\administrator\components\com_akeeba\akeeba\autoloader.php
[2012.09.17 18:23:17 | 000,003,671 | ---- | M] () -- \xampp\htdocs\joomla\administrator\components\com_akeeba\akeeba\autoloader.php
[2012.09.15 18:12:16 | 000,008,750 | ---- | M] () -- \xampp\htdocs\joomla\administrator\components\com_phocadownload\assets\upload\uploader.js
[2012.09.15 18:21:40 | 000,002,513 | ---- | M] () -- \xampp\htdocs\joomla\administrator\components\com_phocagallery\libraries\loader.php
[2012.09.25 21:34:55 | 000,010,819 | ---- | M] () -- \xampp\htdocs\joomla\components\com_jvotesystem\assistant\assets\images\ajax-loader.gif
[2012.09.25 21:34:55 | 000,003,561 | ---- | M] () -- \xampp\htdocs\joomla\components\com_jvotesystem\classes\loader.php
[2012.09.15 18:21:39 | 000,000,668 | ---- | M] () -- \xampp\htdocs\joomla\components\com_phocagallery\assets\js\highslide\graphics\loader.gif
[2012.09.15 18:21:39 | 000,000,673 | ---- | M] () -- \xampp\htdocs\joomla\components\com_phocagallery\assets\js\highslide\graphics\loader.white.gif
[2012.06.19 15:09:30 | 000,009,621 | ---- | M] () -- \xampp\htdocs\joomla\libraries\loader.php
[2012.06.19 15:09:30 | 000,000,584 | ---- | M] () -- \xampp\htdocs\joomla\media\system\images\mootree_loader.gif
[2012.06.19 15:09:30 | 000,006,278 | ---- | M] () -- \xampp\htdocs\joomla\media\system\js\uploader-uncompressed.js
[2012.06.19 15:09:30 | 000,005,024 | ---- | M] () -- \xampp\htdocs\joomla\media\system\js\uploader.js
[2012.06.19 15:09:30 | 000,010,222 | ---- | M] () -- \xampp\htdocs\joomla\media\system\swf\uploader.swf
[2012.09.05 20:23:38 | 000,001,497 | ---- | M] () -- \xampp\htdocs\joomla\templates\black_mamba_v11\images\searchbox_loader.gif
[2012.09.05 20:23:38 | 000,001,786 | ---- | M] () -- \xampp\htdocs\joomla\templates\black_mamba_v11\warp\config\images\loader.gif
[2012.09.05 20:24:57 | 000,001,497 | ---- | M] () -- \xampp\htdocs\joomla\templates\green_machine\images\searchbox_loader.gif
[2012.09.05 20:24:57 | 000,001,786 | ---- | M] () -- \xampp\htdocs\joomla\templates\green_machine\warp\config\images\loader.gif
[2011.02.26 19:00:42 | 000,008,192 | ---- | M] () -- \xampp\mailtodisk\_win32sysloader.pyd
[2012.04.16 16:30:18 | 000,068,096 | ---- | M] () -- \xampp\MercuryMail\loader.exe
[2012.06.06 13:30:30 | 000,015,009 | ---- | M] () -- \xampp\perl\lib\AutoLoader.pm
[2012.06.06 13:30:30 | 000,025,696 | ---- | M] () -- \xampp\perl\lib\DynaLoader.pm
[2012.06.06 13:30:30 | 000,017,377 | ---- | M] () -- \xampp\perl\lib\SelfLoader.pm
[2012.06.06 13:30:30 | 000,010,589 | ---- | M] () -- \xampp\perl\lib\XSLoader.pm
[2012.06.06 13:30:30 | 000,000,490 | ---- | M] () -- \xampp\perl\lib\Locale\Maketext\GutsLoader.pm
[2012.04.16 16:30:18 | 000,005,746 | ---- | M] () -- \xampp\perl\vendor\lib\Class\Loader.pm
[2012.04.16 16:30:18 | 000,000,648 | ---- | M] () -- \xampp\perl\vendor\lib\Class\LoaderTest.pm
[2012.06.06 13:30:30 | 000,024,325 | ---- | M] () -- \xampp\perl\vendor\lib\YAML\Loader.pm
[2012.04.16 16:30:18 | 000,004,896 | ---- | M] () -- \xampp\php\pear\Crypt\RSA\MathLoader.php
[2012.04.16 16:30:18 | 000,006,565 | ---- | M] () -- \xampp\php\pear\PEAR\Autoloader.php
[2012.04.16 16:30:18 | 000,066,585 | ---- | M] () -- \xampp\php\pear\PEAR\Downloader.php
[2012.06.15 07:53:52 | 000,017,796 | ---- | M] () -- \xampp\tomcat\webapps\docs\class-loader-howto.html
[2012.06.15 07:53:52 | 000,013,822 | ---- | M] () -- \xampp\tomcat\webapps\docs\config\loader.html

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

< End of report >

Petr Špatenka
Guest
Posts: 9
Registered: 13 Dec 2013 22:26

Re: 7go malware

#6 Post by Petr Špatenka »

Log extras
Log Extras

OTL Extras logfile created on: 14.12.2013 12:11:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Muflon\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,73% Memory free
8,00 Gb Paging File | 6,10 Gb Available in Paging File | 76,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 31,90 Gb Free Space | 6,85% Space Free | Partition Type: NTFS
Drive H: | 931,48 Gb Total Space | 724,33 Gb Free Space | 77,76% Space Free | Partition Type: NTFS

Computer Name: MUMACHINE | User Name: Muflon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE prezentace fotografií] -- "C:\Program Files (x86)\Drogerie TETA\Fotosvet TETA\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm paradies foto] -- "C:\Program Files (x86)\dm\dm paradies foto\dm paradies foto.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet] -- "C:\Program Files (x86)\Fotolab\Fotolab Fotosvet\Fotolab Fotosvet.exe" "%1" ()
Directory [Fotosvet TETA] -- "C:\Program Files (x86)\Drogerie TETA\Fotosvet TETA\Fotosvet TETA.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE prezentace fotografií] -- "C:\Program Files (x86)\Drogerie TETA\Fotosvet TETA\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm paradies foto] -- "C:\Program Files (x86)\dm\dm paradies foto\dm paradies foto.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet] -- "C:\Program Files (x86)\Fotolab\Fotolab Fotosvet\Fotolab Fotosvet.exe" "%1" ()
Directory [Fotosvet TETA] -- "C:\Program Files (x86)\Drogerie TETA\Fotosvet TETA\Fotosvet TETA.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C45E345-0337-4F25-A466-519D185D1AA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{131A5A00-F017-4820-B893-A3A3537B5CC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25F97B12-5CBB-4813-A80D-24B9F3D4A96E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33E407D8-4C34-4F97-A7FF-0BC51C5E6859}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A1E2B4F-8ADA-45F6-9864-5A75338E93BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{3FC1E0CD-06A6-44D7-B7AD-42A593D38825}" = lport=10243 | protocol=6 | dir=in | app=system |
"{50146B3C-9B29-48FA-85CA-8EF25C26631E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5BD455A5-2624-40D7-9C00-199C4FDEDA61}" = lport=56759 | protocol=6 | dir=in | name=pando media booster |
"{600C0ED0-3A44-4BD6-B2F5-691DAE35F151}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{723DDFE4-8129-42BC-9364-D92CE03C9512}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74068E7F-8F45-4609-BFAA-11349DE9B058}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{749642CF-237B-4718-9253-65929289CAC6}" = lport=56759 | protocol=17 | dir=in | name=pando media booster |
"{783374E4-2071-47C8-86A8-7FCAA765312B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{86617926-281A-4CBD-9EE4-AA6F65FBC077}" = lport=137 | protocol=17 | dir=in | app=system |
"{8F16E944-149D-41A4-8774-EB357B4C717F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A32D364-2E1B-4C92-AADF-E7600D6F8BFC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A7B9947D-E341-49C4-A2ED-16A7C0627C16}" = lport=56759 | protocol=6 | dir=in | name=pando media booster |
"{AA04F371-7A81-44C5-9DC2-0EAFFFEC08D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF4AD685-6C69-4209-B8E6-4E9DDE8F49A0}" = lport=138 | protocol=17 | dir=in | app=system |
"{B14AA60A-B154-424B-81AF-85CC8B17BD3D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB6800BB-2A1C-4524-870C-0CB2C1F5B5DE}" = lport=56759 | protocol=17 | dir=in | name=pando media booster |
"{CC59C19B-508F-4540-9F6B-FB2D227E7D95}" = rport=445 | protocol=6 | dir=out | app=system |
"{D8ABD373-BB9D-4ADF-95A1-5F4F799AAC94}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{DA0AEC51-B9C5-478E-838F-BA52D229F29E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E198095F-FDD3-48F2-94CB-A17673423F2B}" = lport=139 | protocol=6 | dir=in | app=system |
"{E720BA26-DF3E-42C9-997D-D2F984B54E9D}" = rport=137 | protocol=17 | dir=out | app=system |
"{EEA2D56B-FB70-4173-8D59-C57E997E5A03}" = rport=138 | protocol=17 | dir=out | app=system |
"{EF8126CD-452D-418B-BDDA-2B02DD3BE390}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08286C17-F9CE-4AB7-B46A-06F3FAAC19F4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0DC44592-60E8-44A6-9583-7DDE22D0D358}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1049E484-4370-4140-923A-1155EA9DF051}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{19EA8082-C1B9-455A-BB51-D996CED81C70}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1CE0B137-8CEC-4E7F-98F6-17020E6415C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23C7E866-0CF1-46C9-8A14-893DB9ECAE1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EA08999-5493-48F8-94A9-8D4F89DF9E5A}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{46B2C53B-F201-44CC-8403-1A626E9C79AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54E57EE8-AA66-45E9-BC12-1A475B2926D9}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{56F669A2-E1A6-48D3-8B7A-2692F42011F3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{57314522-4CF9-4CF7-A1C0-6DAF226AF831}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{5D63BC46-52A1-4B33-8956-2A6CACBB8D2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6787D98E-5915-40CF-BD14-4EBBEBA46D61}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{68C1930D-EECA-4691-A51E-35E30640F2A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{696EC2BF-6A08-42F9-B12B-C640896E247F}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe |
"{71660C29-90C0-4C61-8872-BFF9F400FAD5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{759C550F-F447-4537-A00E-BBAB30351F61}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{76AED406-DB5C-42EF-A793-E00A98865FFD}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{7E918B3D-1C80-487C-84E6-4FF961B43FD0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{83458C38-C97F-42AE-B92F-DDD369926223}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85358DF0-9807-4FBE-BA32-E37F607644D0}" = protocol=6 | dir=in | app=c:\users\muflon\appdata\roaming\bittorrent\bittorrent.exe |
"{8819517A-8E90-45E1-991E-36C26DCE8629}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8F46442F-6F18-4361-8102-A05FE807BA2D}" = protocol=17 | dir=in | app=c:\users\muflon\appdata\roaming\bittorrent\bittorrent.exe |
"{91D9551B-3433-452D-954A-E00FBB55AE6D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A51EBED6-8331-44D9-8F05-DBC49F508A09}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{A8EA1B8E-076A-4E24-BA4F-D2EBB4A4ACFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB2844A2-DEA5-4881-A8FF-08625C04E25A}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{AE9D0711-C788-4F6F-8B3B-8946C855F5ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B558E1E1-38A2-4A16-BDA0-BBF6A63DFEE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BAD0E3B2-564A-492D-BDA2-C61DE99256D9}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{BCF625BB-9E12-451E-BDCC-A838948240CE}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{BF57F2EA-D4DF-43CE-8996-DF340C4AC39A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA730391-3645-4244-AA90-ED976E2AA5C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE51CF43-407E-49EE-8EDF-5923F3F39776}" = protocol=6 | dir=out | app=system |
"{E03E98DD-FC31-467E-B598-21B3B82C3D84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E66C641C-C252-46DA-A852-BB560A8538F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6C132EE-08A1-4781-B5A1-F205E17F8728}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E7CF9308-5B47-4A58-A307-38B829C2A4C4}" = dir=out | app=c:\program files (x86)\protected search\protectedsearch.exe |
"{F3955491-F3D8-4B00-AF68-E1A4E957D175}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{319AD536-E3EE-4C90-B360-537A8D07B080}C:\Program Files (x86)\XCOM Enemy Unknown\Binaries\Win32\XComGame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe |
"TCP Query User{3B8A4C9B-368F-4F75-889B-149B8E069731}C:\users\muflon\downloads\virtual\stubexe\8.0.1135\@programfiles@\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\users\muflon\downloads\virtual\stubexe\8.0.1135\@programfiles@\google\google sketchup 8\sketchup.exe |
"TCP Query User{743D477D-F99B-4A6D-8B3E-2076B98AE9CD}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{7BF30A7A-F0B1-4C78-AAAA-E98DFFF2E821}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe |
"TCP Query User{8D39D260-18AF-4AB1-BD1B-8F03C970AEDA}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{A7743749-465E-468C-88BF-6405ABCA4C0C}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{ABEEFC7E-6ACC-4DBA-A6FF-81C7A61FFC5B}C:\users\muflon\downloads\borderlands-2\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\users\muflon\downloads\borderlands-2\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{B083A98A-B57C-438F-90CA-1CB44F99ABAC}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\frd.exe |
"TCP Query User{D0FAEA81-3498-4E0E-98D9-24F38FD3BC2B}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{E09786C2-8A35-457B-BD7A-33D191AC0FD8}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{E58D96D3-3C11-4485-BD29-315DABD1245D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{FD040E8D-6ED1-4477-B0A8-57F73514C7AF}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{FD13A458-3C45-4271-BB8D-9D3DC52BFCCB}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{08C10805-06A8-46BF-B309-3B1170586382}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{0D6777ED-FE65-4970-AE3A-30798BEB30E5}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{14BDAB42-6660-4F86-A001-93A9E35CAF1A}C:\users\muflon\downloads\borderlands-2\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\users\muflon\downloads\borderlands-2\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{258C569D-A67A-4662-9A02-366128925041}C:\Program Files (x86)\XCOM Enemy Unknown\Binaries\Win32\XComGame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xcom enemy unknown\binaries\win32\xcomgame.exe |
"UDP Query User{25D81F11-80F6-49D6-921C-1103716E9579}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{2F378BC7-4502-42A3-AB6D-35DFBE87390D}C:\users\muflon\downloads\virtual\stubexe\8.0.1135\@programfiles@\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\users\muflon\downloads\virtual\stubexe\8.0.1135\@programfiles@\google\google sketchup 8\sketchup.exe |
"UDP Query User{81DC8FFC-D6D6-415D-941E-35324EB22A6F}C:\program files (x86)\java\jre7\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\frd.exe |
"UDP Query User{8357EA8F-EFA9-44D0-98EA-812F5E930DC6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{B3DD3B55-8A75-4700-BF3E-9DCBF02CC105}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{CE9F9065-71D4-427E-9D88-355510169131}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{E96992DE-B1A3-41B4-953C-D8BA4EBA280C}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{ED1DB50E-3FAC-4A54-9EF5-601E0FAC1EDD}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{ED7539E8-ACF8-4E73-A52F-6004C382C96A}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0405-1000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-1000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-1000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0405-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Czech) 2010
"{90140000-0044-0405-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"ZonerPhotoStudio15_CZ_is1" = Zoner Photo Studio 15

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{045D5A51-F07E-4350-8642-B85772A2876B}" = SketchUp Pro 8
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1" = World of Tanks - Common Test
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24A500E4-0B12-4D62-9973-2C7E23CCA750}" = Nero Kwik Media
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 45
"{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}" = Pinnacle Studio 16
"{28A1D7E5-6557-45EF-82A8-694B105880B5}" = PlayMemories Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = Nástroje WD Drive Utilities
"{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}" = Pinnacle Studio 16 - Standard Content Pack
"{8172B41A-9BB5-4A64-BF28-1FB5FE43C3FF}" = Software WD Security
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87998E4E-6D9C-411B-AAE9-B8523FFE357D}" = Image Data Converter
"{88C4D8A6-9954-46A0-965D-92E55DAB8734}" = Premium Pack Volumes 1-2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{957917FC-8DBC-4CC6-AAC2-4737BE50F5FE}" = Jalbum
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Czech
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}" = Google SketchUp Pro 7
"{D952C4F9-2488-3723-84BE-1BFA907DCAC9}" = Google Talk Plugin
"{E3D181F8-246B-497F-945E-6DB98CBA6677}" = Hollywood FX Volumes 1-3
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.4.3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}" = Pinnacle Studio 16 - Install Manager
"{F6CA69DD-582C-434A-9A3F-5E6E78D21134}" = jAlbum
"{F7214014-27EE-4237-9978-2F9D1551559B}" = Title Extreme
"{FD0D80A3-AFE4-411E-8872-1B70C6963948}" = calibre
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avast" = avast! Free Antivirus
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"BSPlayerp" = BS.Player PRO
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"DAEMON Tools Lite" = DAEMON Tools Lite
"dm paradies foto" = dm paradies foto
"E.M. PowerPoint Video Converter_is1" = E.M. PowerPoint Video Converter 3.20
"Fallout New Vegas_is1" = Fallout New Vegas
"Fotolab Fotosvet" = Fotolab Fotosvet
"Fotosvet TETA" = Fotosvet TETA
"Free Video Converter" = Free Video Converter
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"iWebar" = iWebar
"Mozilla Firefox 25.0.1 (x86 cs)" = Mozilla Firefox 25.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"Nero - Burning Rom!UninstallKey" = Nero - Burning Rom (Web installer)
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Registrace uživatele zařízení Canon MP190 series" = Registrace uživatele zařízení Canon MP190 series
"SysPlayer" = SysPlayer
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"xampp" = XAMPP 1.8.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"RegiStax 6" = RegiStax 6
"RegiStax 6.1.0.8 update" = RegiStax 6.1.0.8 update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9.8.2013 15:13:49 | Computer Name = Mumachine | Source = Application Error | ID = 1000
Description = Faulting application name: bsplayer.exe, version: 2.6.2.1068, time stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf Exception code: 0x0eedfade Fault offset: 0x0000b727 Faulting process id: 0x13b8 Faulting application start time: 0x01ce953492379b72 Faulting application path: C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: d1ca613f-0127-11e3-bf35-002421deb00b

Error - 16.8.2013 09:37:34 | Computer Name = Mumachine | Source = Application Hang | ID = 1002
Description = The program ZPS.EXE version 15.0.1.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1d8 Start Time: 01ce9a82c0593de2 Termination Time: 1092 Application Path: C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\PROGRAM64\ZPS.EXE Report Id: fa597723-0678-11e3-8624-002421deb00b

Error - 22.8.2013 16:31:48 | Computer Name = Mumachine | Source = MsiInstaller | ID = 10005
Description =

Error - 22.8.2013 16:35:28 | Computer Name = Mumachine | Source = MsiInstaller | ID = 10005
Description =

Error - 22.8.2013 16:35:40 | Computer Name = Mumachine | Source = MsiInstaller | ID = 10005
Description =

Error - 22.8.2013 16:37:19 | Computer Name = Mumachine | Source = MsiInstaller | ID = 10005
Description =

Error - 24.8.2013 01:49:43 | Computer Name = Mumachine | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'Apple Mobile Device' could not be restarted.

Error - 3.9.2013 12:41:52 | Computer Name = Mumachine | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: The system cannot find the file specified.

Error - 13.9.2013 18:59:40 | Computer Name = Mumachine | Source = Application Error | ID = 1000
Description = Faulting application name: PMBBrowser.exe, version: 6.3.0.9250, time stamp: 0x50617d01 Faulting module name: PMBBrowser.exe, version: 6.3.0.9250, time stamp: 0x50617d01 Exception code: 0xc0000005 Fault offset: 0x0059b110 Faulting process id: 0x5a0 Faulting application start time: 0x01ceb0b6bed1ca9a Faulting application path: C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe Faulting module path: C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe Report Id: 2af202a0-1cc8-11e3-8517-002421deb00b

Error - 14.9.2013 07:25:04 | Computer Name = Mumachine | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f58 Start Time: 01ceb139ca22b731 Termination Time: 19 Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Report Id: 4a52d8c2-1d30-11e3-8441-002421deb00b


[ Media Center Events ]
Error - 16.11.2013 03:31:59 | Computer Name = Mumachine | Source = MCUpdate | ID = 0
Description = 8:31:55 - Loading of the Broadband item failed. (Error: Unable to connect to the remote server.)

[ System Events ]
Error - 9.12.2013 14:53:11 | Computer Name = Mumachine | Source = cdrom | ID = 262151
Description = The device \Device\CdRom0 has a bad block.

Error - 9.12.2013 15:42:59 | Computer Name = Mumachine | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:40:58 on 9.12.2013 was unexpected.

Error - 10.12.2013 13:08:19 | Computer Name = Mumachine | Source = cdrom | ID = 262151
Description = The device \Device\CdRom0 has a bad block.

Error - 10.12.2013 13:56:35 | Computer Name = Mumachine | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:55:03 on 10.12.2013 was unexpected.

Error - 11.12.2013 13:44:35 | Computer Name = Mumachine | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:43:49 on 11.12.2013 was unexpected.

Error - 13.12.2013 17:04:29 | Computer Name = Mumachine | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:03:36 on 13.12.2013 was unexpected.

Error - 14.12.2013 06:44:48 | Computer Name = Mumachine | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

Error - 14.12.2013 06:45:18 | Computer Name = Mumachine | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDDriveService service.

Error - 14.12.2013 07:03:42 | Computer Name = Mumachine | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 14.12.2013 07:04:06 | Computer Name = Mumachine | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.


< End of report >

Rudy
Site Admin
Posts: 119532
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: 7go malware

#7 Post by Rudy »

Run OTL again.

If you use Windows Vista or 7, right-click OTL and choose Run As Administrator.
Paste the script below into the lower box, Custom Scans/Fixes:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certified-toolbar.com?si= ... id=2958&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= ... e&tid=2958
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certified-toolbar.com?si= ... id=2958&q={searchTerms}
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe ()
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\ms-help - No CLSID value found
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FD13A458-3C45-4271-BB8D-9D3DC52BFCCB}C:\windows\kmsemulator.exe" =-


:files
C:\windows\kmsemulator.exe
C:\Program Files (x86)\Skype\Toolbars
C:\Windows\AutoKMS.exe
C:\Windows\AutoKMS.ini
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
Then click >Run Fix<.
The PC will apply the fix, restart and give you a log; paste its contents here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus may also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
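The fix script above is built the way these threads always are: the helper reads an OTL scan, picks out the lines that point at a hijacked search provider, an autorun dropped into C:\Windows, or an alternate data stream on a system file, and pastes exactly those lines under :OTL so the tool removes them. The script below is an added example that automates that triage; it is not part of the thread, of OTL, or of any tool the forum recommends. The log lines in SAMPLE_LOG are constructed from the entry formats quoted in the thread (some of the URLs carry the " ... " that the forum inserted), and KNOWN_SEARCH_HOSTS is an assumed allow-list you would adjust for your own machine. Note the detail it surfaces from the thread's own data: the same SearchScopes CLSID is still Bing in the 64-bit registry view but points at certified-toolbar.com in the 32-bit view, so a 64-bit-only check would miss the hijack.

```python
"""Triage an OTL scan log for the indicators an :OTL fix script would remove.

Added example for this page; not part of the thread, of OTL, or of any tool
the forum uses. SAMPLE_LOG is constructed from entry formats quoted in the
thread and KNOWN_SEARCH_HOSTS is an assumed allow-list (tune it per machine).
"""
import re
from urllib.parse import urlparse

# Assumption: search/start-page hosts considered legitimate on this machine.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "seznam.cz", "www.seznam.cz"}

# IE values that decide where searches and the start page go.
IE_SEARCH_VALUES = {"Default_Search_URL", "Search Bar", "Search Page",
                    "Start Page", "Start Default_Page_URL"}

SCOPE_RE = re.compile(r'^IE(?::64bit:)? - (?P<key>.+?\\SearchScopes\\\{[^}]+\}): "URL" = (?P<url>.+)$')
IE_MAIN_RE = re.compile(r'^IE(?::64bit:)? - (?P<key>.+?),(?P<value>[^=]+?) = (?P<url>.+)$')
RUN_RE = re.compile(r'^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \([^()]*\))?$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$')

# Constructed sample: entry formats from the thread plus one benign Run key.
SAMPLE_LOG = r"""
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= ... bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certified-toolbar.com?si= ... id=2958&q={searchTerms}
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-1011450286-1497153398-3561713556-1002\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe ()
O4 - HKLM..\Run: [AdobeARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
""".strip().splitlines()


def host_of(url):
    """Host of a URL; OTL shortens long URLs with ' ... ' but the host survives."""
    return (urlparse(url.split()[0]).hostname or "").lower()


def triage(lines):
    """Return (reason, line) pairs for OTL entries worth putting into a fix script."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SCOPE_RE.match(line)
        if m:
            if host_of(m["url"]) not in KNOWN_SEARCH_HOSTS:
                findings.append(("search scope points at unknown host", line))
            continue
        m = IE_MAIN_RE.match(line)
        if m:
            if m["value"].strip() in IE_SEARCH_VALUES and host_of(m["url"]) not in KNOWN_SEARCH_HOSTS:
                findings.append(("IE search/start page hijacked", line))
            continue
        m = RUN_RE.match(line)
        if m:
            # Legitimate autoruns live under Program Files or System32; an .exe
            # dropped straight into C:\Windows (AutoKMS here) deserves a look.
            if re.match(r'(?i)^c:\\windows\\[^\\]+\.exe$', m["path"].strip()):
                findings.append(("autorun from Windows root", line))
            continue
        if ADS_RE.match(line):
            # A data stream hidden on a cursor file has no benign explanation.
            findings.append(("alternate data stream on system file", line))
    return findings


def fix_script(findings):
    """Turn flagged lines into the :OTL section of a fix script, as the helper does by hand."""
    return "\n".join([":OTL", *(line for _, line in findings)])


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
    print(fix_script(triage(SAMPLE_LOG)))
```

Run on the sample it flags five lines (both hijacked search scopes, the 32-bit Default_Search_URL, the AutoKMS autorun and the cursor-file ADS) and leaves the Bing scope, the seznam.cz start page, the Skype BHO and the Adobe autorun alone. It is deliberately conservative: it only produces the :OTL section, and the :files, :reg and :commands sections still need a human who has looked at the machine, exactly as in the thread.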

Petr Špatenka
Guest
Posts: 9
Joined: 13 Dec 2013 22:26

Re: 7go malware

#8 Post by Petr Špatenka »

Files\Folders moved on Reboot...
C:\Users\Muflon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Rudy
Site Admin

Re: 7go malware

#9 Post by Rudy »

Is this the whole log?

Petr Špatenka
Guest

Re: 7go malware

#10 Post by Petr Špatenka »

This is everything that was printed in the window that opened by itself, yes.

Rudy
Site Admin

Re: 7go malware

#11 Post by Rudy »

OK. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Relax and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode or deactivate it completely for the duration of the scan, because during the scan and removal of any malware there are unwanted collisions with the resident antispyware.

Petr Špatenka
Guest

Re: 7go malware

#12 Post by Petr Špatenka »

I ran the program and I hope it only got stuck at the very end, with a message that it is preparing the log report and that I should not launch anything :( It has been like that for almost an hour now.

Should I restart the PC now, or do something else?

Rudy
Site Admin

Re: 7go malware

#13 Post by Rudy »

Restart and run it again, but in Safe Mode.

Petr Špatenka
Guest

Re: 7go malware

#14 Post by Petr Špatenka »

It only printed the report just now.

I'm posting it here just in case.
ComboFix 13-12-13.01 - Muflon 14.12.2013 19:21:09.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4095.2632 [GMT 1:00]
Run from: c:\users\Muflon\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cigiagpbkapepgklncnajbakkpkopmam_0
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cigiagpbkapepgklncnajbakkpkopmam_0\1
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\background.html
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\crossriderManifest.json
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\manifest.xml
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins.json
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\1_base.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\102_dealply_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\103_intext_5_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\105_corticas_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\108_icm_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\119_similar_web_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\120_luck_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\138_getdeal_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\17_jQuery.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\189_active_sanity.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\190_pops_5_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\191_ciuvo_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\21_debug.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\22_resources.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\28_initializer.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\47_resources_background.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\64_appApiMessage.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\7_hooks.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\72_appApiValidation.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\userCode\background.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\extensionData\userCode\extension.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\icons\actions\1.png
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\icons\icon128.png
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\icons\icon16.png
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\icons\icon48.png
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\js\api\cookie.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\js\api\chrome.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\js\api\message.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\js\api\pageAction.js
c:\users\Muflon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.25.164_0\js\api\pageActionBG.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\webRequest.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\background.html
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\baseObject.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\browser.xul
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\console.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\consts.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\delegate.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\extensionDataStore.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\folderIOWrapper.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\httpObserver.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\IDBWrapper.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\installer.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\logFile.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\prefs.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\progressListenerObserver.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\registry.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\reloadObserver.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\reports.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\requestObject.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\searchSettings.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\uninstallObserver.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\updateManager.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\utils.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\xhr.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\dialog.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\main.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\options.js
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\options.xul
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\search_dialog.xul
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\install.rdf
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\locale\en-US\translations.dtd
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button1.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button2.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button3.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button4.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button5.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\crossrider_statusbar.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\icon128.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\icon16.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\icon24.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\icon48.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\panelarrow-up.png
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\popup.html
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\skin.css
c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\update.css
c:\windows\system32\NeroCheck.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-14 do 2013-12-14 )))))))))))))))))))))))))))))))
.
.
2013-12-14 18:30 . 2013-12-14 18:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-14 18:30 . 2013-12-14 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-14 12:30 . 2013-12-14 12:30 -------- d-----w- C:\_OTL
2013-12-14 11:16 . 2013-12-14 11:16 512 ----a-w- C:\PhysicalMBR.bin
2013-12-13 21:33 . 2013-12-13 21:34 -------- d-----w- C:\rsit
2013-12-13 21:33 . 2013-12-13 21:34 -------- d-----w- c:\program files\trend micro
2013-12-11 15:55 . 2013-12-11 15:55 -------- d-----w- c:\program files (x86)\SysPlayer
2013-12-11 15:54 . 2013-12-11 15:55 -------- d-----w- c:\program files (x86)\iWebar
2013-12-11 15:54 . 2013-12-11 15:54 -------- d-----w- c:\users\Muflon\AppData\Local\CrashRpt
2013-12-11 15:53 . 2013-12-11 17:20 -------- d-----w- c:\users\Muflon\AppData\Roaming\BitTorrent
2013-12-09 16:23 . 2013-12-09 16:23 -------- d-----w- c:\users\Muflon\AppData\Roaming\AVAST Software
2013-12-09 16:22 . 2013-12-09 16:21 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-09 16:22 . 2013-12-09 16:21 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-09 16:22 . 2013-12-09 16:21 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-09 16:22 . 2013-12-09 16:21 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-09 16:22 . 2013-12-09 16:21 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-09 16:22 . 2013-12-09 16:21 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-09 16:22 . 2013-12-09 16:21 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-09 16:22 . 2013-12-09 16:21 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-09 16:21 . 2013-12-09 16:21 43152 ----a-w- c:\windows\avastSS.scr
2013-11-27 17:13 . 2013-11-27 17:13 -------- d-----w- c:\program files (x86)\Drogerie TETA
2013-11-22 18:18 . 2013-11-22 18:18 -------- d-----w- c:\program files (x86)\dm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 10:45 . 2012-06-10 18:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 10:45 . 2012-06-10 18:50 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-09 16:21 . 2012-06-10 18:56 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-09 07:34 . 2013-11-09 07:34 405504 ----a-r- c:\users\Muflon\AppData\Roaming\Microsoft\Installer\{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}\ARPPRODUCTICON.exe
2013-11-05 19:19 . 2013-11-05 19:19 61208 ----a-w- c:\windows\SysWow64\MPEG4E-uninstall.exe
2013-11-03 18:08 . 2013-11-03 18:08 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-10-08 06:50 . 2013-11-03 17:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}]
2013-12-11 15:55 641392 ----a-w- c:\program files (x86)\iWebar\iWebar-bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-11-05 4287536]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2012-08-17 155648]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2012-08-17 155648]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-09-25 724576]
"Nástroj WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-13 1688008]
"!AVG Anti-Spyware"="c:\program files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-09 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 AvgAsC64;AVG Anti-Spyware Clean Driver;c:\windows\system32\DRIVERS\AvgAsC64.sys;c:\windows\SYSNATIVE\DRIVERS\AvgAsC64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 13:07 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 10:45]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 10:15]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cec44755b7739f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 10:15]
.
2013-12-14 c:\windows\Tasks\iWebar-chromeinstaller.job
- c:\program files (x86)\iWebar\iWebar-chromeinstaller.exe [2013-12-11 15:54]
.
2013-12-14 c:\windows\Tasks\iWebar-codedownloader.job
- c:\program files (x86)\iWebar\iWebar-codedownloader.exe [2013-12-11 15:55]
.
2013-12-14 c:\windows\Tasks\iWebar-enabler.job
- c:\program files (x86)\iWebar\iWebar-enabler.exe [2013-12-11 15:55]
.
2013-12-14 c:\windows\Tasks\iWebar-firefoxinstaller.job
- c:\program files (x86)\iWebar\iWebar-firefoxinstaller.exe [2013-12-11 15:54]
.
2013-12-14 c:\windows\Tasks\iWebar-updater.job
- c:\program files (x86)\iWebar\iWebar-updater.exe [2013-12-11 15:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}]
2013-12-11 15:55 969072 ----a-w- c:\program files (x86)\iWebar\iWebar-bho64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-09 16:21 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-10-22 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-10-22 3684488]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uDefault_Search_URL =
mDefault_Search_URL =
mStart Page =
mLocal Page =
mSearch Page =
mSearch Bar =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=E5E6C1E5-1A30-4636-8101-6BC0AAFAE319&n=77fd0c23&ind=2013072419&p2=^HJ^xdm007^YYA^cz&si=CJnr8r3NyLgCFZIPtAodUkAAaA&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-12-09 17:21; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-AVG Anti-Spyware Driver
AddRemove-7go - c:\program files (x86)\Uninstall Information\Ib\97\3867\ib_uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-12-14 20:14:50
ComboFix-quarantined-files.txt 2013-12-14 19:14
ComboFix2.txt 2013-09-13 18:20
.
Před spuštěním: Volných bajtů: 153 550 233 600
Po spuštění: Volných bajtů: 153 275 236 352
.
- - End Of File - - 7E0DC83BAC30255186C376A60A965E91
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119532
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 7go malware

#15 Post by Rudy »

We will clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1cec44755b7739f.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}]

Driver::
Skype C2C Service

Firefox::
FF - ProfilePath - c:\users\Muflon\AppData\Roaming\Mozilla\Firefox\Profiles\6l4d7xd1.default\
FF - prefs.js: keyword.URL - hxxp://search.tb.ask.com/search/GGmain. ... 072419&p2=^HJ^xdm007^YYA^cz&si=CJnr8r3NyLgCFZIPtAodUkAAaA&searchfor=

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

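The CFScript in Rudy's post is a plain-text format made of `Name::` sections (KillAll, File, Registry, Driver, RegLock, Reboot). As an added example that is not part of the post and not ComboFix's own code, here is a small Python parser that turns such a script into a summary of what it will do, so the actions can be reviewed before the file is dropped onto ComboFix; the embedded sample is a constructed, shortened copy of the script above.

```python
import re

# Constructed sample: a shortened copy of the CFScript posted in the thread.
SAMPLE = r"""KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}]

Driver::
Skype C2C Service

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
"""

HEADER = re.compile(r"^(\w+)::$")   # section header such as "File::"


def parse_cfscript(text):
    """Split a CFScript into {section: [non-empty lines]} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])   # keep sections with no body (KillAll, Reboot)
        elif current is None:
            raise ValueError("directive before first section: %r" % line)
        else:
            sections[current].append(line)
    return sections


def summarize(text):
    """Reduce a parsed CFScript to the actions a reviewer wants to check."""
    s = parse_cfscript(text)
    reg = s.get("Registry", [])
    return {
        "kill_processes": "KillAll" in s,
        "reboot": "Reboot" in s,
        "files": s.get("File", []),            # files ComboFix is told to remove
        "drivers": s.get("Driver", []),        # services/drivers to remove
        # "[-KEY]" deletes the whole key
        "reg_keys_deleted": [l[2:-1] for l in reg if l.startswith("[-")],
        # '"name"=-' deletes one value under the key named on the line before it
        "reg_values_deleted": [l.split("=")[0].strip('"') for l in reg if l.endswith("=-")],
        # keys handed to RegLock:: (the keys the ComboFix log reported as locked)
        "reglock_keys": [l[1:-1] for l in s.get("RegLock", [])],
    }
```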