
Please check the log

Posted: 12 Apr 2014 09:01
by andrei55
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files\trend micro\Shooty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1382 ... U4V1MLU4VX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?utm_ ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?utm_ ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_s ... 3&tsp=5193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1382 ... U4V1MLU4VX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1382 ... U4V1MLU4VX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,d:\agricultural simulator 2013 - steam edition\agrarsimulator2013srvsrv.exe,c:\program files (x86)\microsoft\desktoplayer.exe,c:\users\shooty\appdata\local\31eb9ad1-7f66-4620-0dc1-7a1d7e816373\31eb9ad1-7f66-4620-0dc1-7a1d7e816373srv.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: AlLCheapPrice - {16C3013E-33EF-329E-9170-3CA521C6FC77} - C:\ProgramData\AlLCheapPrice\8kB11Vhu.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: RoboSaver - {A8DCC497-97C3-F37B-5DDD-C21E98F1AA50} - C:\ProgramData\RoboSaver\E498d_.dll
O2 - BHO: RObOSaVer - {C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} - C:\ProgramData\RObOSaVer\82ANBY.dll
O2 - BHO: BestSuaveForYoou - {FF4E598B-6457-A5B6-512F-3D1B1A43996E} - C:\ProgramData\BestSuaveForYoou\GBKEuta.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Users\Shooty\Desktop\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Torntv Downloader] C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
O4 - HKCU\..\Run: [Microsoft Application Manager] "C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\stub.exe" "C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\mst.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\Shooty\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O20 - AppInit_DLLs: c:\progra~3\fastan~1\fastan~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\ProgramData\WPM\wprotectmanager.exe

--
End of file - 11355 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\ProgramData\IePluginService\PluginService.exe -service
"C:\Program Files (x86)\WinZipper\winzipersvc.exe"
C:\ProgramData\WPM\wprotectmanager.exe -service
taskeng.exe {553381EA-08BC-4C0A-BA2B-6198BFC98B11}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\rundll32.exe" "c:\progra~3\fastan~1\FastAndSafeSvc.dll",service
"C:\Windows\system32\rundll32.exe" "c:\progra~3\fastan~1\FastAndSafeSvc.dll",service
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
taskeng.exe {D01F6B78-FC51-4AFE-AC18-59554617D410}
"C:\Program Files (x86)\PCMeter\PCMeterV0.3.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe"
"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
"C:\Windows\vsnpstd3.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe"
"C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\mst.exe"
\??\C:\Windows\system32\conhost.exe "1131776600-762512500-1424016478-1643391049-275345640-1754364149-524833536-1075560793
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\wuauclt.exe"
"C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\cpu.exe" --url=stratum+tcp://advantag.su:8080 -u #201#cpu.c0240c36a1d5675e9b6e2e4c8502e61f -p 123 -t 6
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=6380.138bc8a0.21015303 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 6380 "\\.\pipe\gecko-crash-server-pipe.6380" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe" --proxy-stub-channel=Flash5808.6A2E7F48.7695 --host-broker-channel=Flash5808.6A2E7F48.21333 --host-pid=5808 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe" --channel=4056.002CF86C.248845462 --proxy-stub-channel=Flash5808.6A2E7F48.7695 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll" --host-npapi-version=27 --type=renderer
"C:\Users\Shooty\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AmiUpdXp.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.7]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default\searchplugins\
buenosearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16C3013E-33EF-329E-9170-3CA521C6FC77}]
AlLCheapPrice - C:\ProgramData\AlLCheapPrice\8kB11Vhu.x64.dll [2013-12-31 474624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8DCC497-97C3-F37B-5DDD-C21E98F1AA50}]
RoboSaver - C:\ProgramData\RoboSaver\E498d_.x64.dll [2014-03-11 475136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2}]
RObOSaVer - C:\ProgramData\RObOSaVer\82ANBY.x64.dll [2013-12-31 474624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF4E598B-6457-A5B6-512F-3D1B1A43996E}]
BestSuaveForYoou - C:\ProgramData\BestSuaveForYoou\GBKEuta.x64.dll [2014-02-27 475136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16C3013E-33EF-329E-9170-3CA521C6FC77}]
AlLCheapPrice - C:\ProgramData\AlLCheapPrice\8kB11Vhu.dll [2013-12-31 426496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\SupTab\SupTab.dll [2014-04-11 513648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8DCC497-97C3-F37B-5DDD-C21E98F1AA50}]
RoboSaver - C:\ProgramData\RoboSaver\E498d_.dll [2014-03-11 425984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2}]
RObOSaVer - C:\ProgramData\RObOSaVer\82ANBY.dll [2013-12-31 425472]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF4E598B-6457-A5B6-512F-3D1B1A43996E}]
BestSuaveForYoou - C:\ProgramData\BestSuaveForYoou\GBKEuta.dll [2014-02-27 425984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
"snpstd3"=C:\Windows\vsnpstd3.exe [2006-09-19 827392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"RGSC"=C:\Users\Shooty\Desktop\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"Raptr"=C:\PROGRA~2\Raptr\raptrstub.exe [2014-03-28 55360]
"Torntv Downloader"=C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup []
"Microsoft Application Manager"=C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\stub.exe [2014-03-26 90112]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-05-11 5119600]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-12-06 766208]
"mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"=C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [2014-03-21 102400]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll
"vidc.lags"=lagarith.dll
"VIDC.XFR1"=xfcodec64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-04-12 10:02:52 ----D---- C:\rsit
2014-04-12 10:02:52 ----D---- C:\Program Files\trend micro
2014-04-12 09:38:13 ----D---- C:\Program Files (x86)\ESET
2014-04-10 14:58:45 ----D---- C:\Users\Shooty\AppData\Roaming\AVAST Software
2014-04-10 14:57:57 ----D---- C:\Program Files\AVAST Software
2014-04-10 14:57:05 ----D---- C:\ProgramData\AVAST Software
2014-04-08 15:46:34 ----D---- C:\Users\Shooty\AppData\Roaming\Updater
2014-04-07 15:25:27 ----D---- C:\Users\Shooty\AppData\Roaming\Xilisoft
2014-04-07 15:23:48 ----D---- C:\ProgramData\Xilisoft
2014-04-07 15:23:48 ----D---- C:\Program Files (x86)\Xilisoft
2014-04-05 18:35:43 ----D---- C:\Program Files (x86)\Gophoto.it
2014-03-29 13:28:36 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-03-29 13:14:53 ----D---- C:\Users\Shooty\AppData\Roaming\Milestone
2014-03-23 18:16:53 ----A---- C:\Windows\SYSWOW64\Access.dat
2014-03-23 18:15:11 ----D---- C:\Users\Shooty\AppData\Roaming\Tunngle
2014-03-23 18:15:10 ----A---- C:\Windows\system32\drivers\tap0901t.sys
2014-03-23 17:58:13 ----D---- C:\ProgramData\LumaEmu_SteamCloud
2014-03-22 00:47:57 ----D---- C:\ProgramData\Package Cache
2014-03-21 22:45:36 ----D---- C:\Program Files (x86)\AdRemouveerrUTubbe
2014-03-21 22:37:44 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-03-21 22:37:44 ----A---- C:\Windows\system32\vbscript.dll
2014-03-21 22:33:53 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-03-21 22:33:53 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-03-21 22:33:53 ----A---- C:\Windows\system32\msrating.dll
2014-03-21 22:33:53 ----A---- C:\Windows\system32\ieui.dll
2014-03-21 22:33:52 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2014-03-21 22:33:52 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-03-21 22:33:52 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-03-21 22:33:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-03-21 22:33:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-03-21 22:33:52 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-21 22:33:52 ----A---- C:\Windows\system32\iesysprep.dll
2014-03-21 22:33:52 ----A---- C:\Windows\system32\iesetup.dll
2014-03-21 22:33:52 ----A---- C:\Windows\system32\iernonce.dll
2014-03-21 22:33:52 ----A---- C:\Windows\system32\ie4uinit.exe
2014-03-21 22:33:51 ----A---- C:\Windows\system32\iertutil.dll
2014-03-21 22:33:50 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-03-21 22:33:50 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-03-21 22:33:50 ----A---- C:\Windows\system32\msfeeds.dll
2014-03-21 22:33:50 ----A---- C:\Windows\system32\jscript.dll
2014-03-21 22:33:49 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-03-21 22:33:49 ----A---- C:\Windows\system32\jscript9.dll
2014-03-21 22:33:48 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-03-21 22:33:48 ----A---- C:\Windows\system32\urlmon.dll
2014-03-21 22:33:47 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-03-21 22:33:47 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-03-21 22:33:47 ----A---- C:\Windows\system32\wininet.dll
2014-03-21 22:33:47 ----A---- C:\Windows\system32\jsproxy.dll
2014-03-21 22:33:46 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-03-21 22:33:45 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-03-21 22:33:45 ----A---- C:\Windows\system32\ieframe.dll
2014-03-21 22:33:43 ----A---- C:\Windows\system32\mshtml.dll
2014-03-21 22:30:02 ----A---- C:\Windows\system32\wwansvc.dll
2014-03-21 22:29:59 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-03-21 22:29:59 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-03-21 22:29:59 ----A---- C:\Windows\system32\d3d10warp.dll
2014-03-21 22:29:59 ----A---- C:\Windows\system32\d2d1.dll
2014-03-21 22:29:57 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-03-21 22:29:57 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-03-21 22:29:57 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-03-21 22:29:57 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-21 22:29:57 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-03-21 22:29:57 ----A---- C:\Windows\system32\RMActivate.exe
2014-03-21 22:29:56 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-03-21 22:29:56 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-03-21 22:29:56 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-03-21 22:29:56 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-03-21 22:29:56 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-03-21 22:29:56 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-03-21 22:29:56 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-03-21 22:29:56 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-03-21 22:29:56 ----A---- C:\Windows\system32\secproc_isv.dll
2014-03-21 22:29:56 ----A---- C:\Windows\system32\secproc.dll
2014-03-21 22:29:56 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-03-21 22:29:56 ----A---- C:\Windows\system32\msdrm.dll
2014-03-21 22:29:31 ----A---- C:\Windows\system32\drivers\netio.sys
2014-03-21 22:29:30 ----A---- C:\Windows\system32\win32k.sys
2014-03-21 22:29:28 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-03-21 22:29:28 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-03-21 22:29:28 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-03-21 22:29:28 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-03-21 22:29:28 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-03-21 22:29:28 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-03-21 22:29:28 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-03-21 22:29:25 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-03-21 22:29:25 ----A---- C:\Windows\system32\msxml3.dll
2014-03-21 22:29:24 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-03-21 22:29:24 ----A---- C:\Windows\system32\msxml3r.dll
2014-03-21 22:29:22 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-03-21 22:29:22 ----A---- C:\Windows\system32\wer.dll
2014-03-21 22:29:20 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-03-21 22:29:20 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-03-21 22:29:00 ----A---- C:\Windows\system32\qedit.dll
2014-03-21 22:28:59 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-03-21 22:05:40 ----D---- C:\Users\Shooty\AppData\Roaming\library_dir
2014-03-21 22:05:34 ----D---- C:\Users\Shooty\AppData\Roaming\Raptr
2014-03-21 22:04:14 ----D---- C:\Program Files (x86)\Raptr
2014-03-21 21:05:32 ----D---- C:\Program Files (x86)\AGEIA Technologies
2014-03-21 17:11:36 ----RA---- C:\Windows\SYSWOW64\tmpEE1.tmp
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\vb40032.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\msvcrt10.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\msvcr70.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\msvcp70.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\msvci70.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\msvbvm50.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\msstkprp.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\msstdfmt.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71u.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71kor.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71jpn.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71ita.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71cht.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71chs.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71fra.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71esp.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71enu.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc71deu.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70u.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70kor.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70jpn.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70ita.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70cht.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70chs.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70fra.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70esp.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70enu.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70deu.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\mfc70.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\atl71.dll
2014-03-21 17:11:20 ----A---- C:\Windows\SYSWOW64\atl70.dll
2014-03-20 19:28:56 ----D---- C:\Users\Shooty\AppData\Roaming\Vso
2014-03-20 19:28:56 ----A---- C:\Users\Shooty\AppData\Roaming\pcouffin.sys
2014-03-20 19:28:56 ----A---- C:\Users\Shooty\AppData\Roaming\inst.exe
2014-03-20 19:28:49 ----D---- C:\ProgramData\VSO
2014-03-20 19:28:49 ----D---- C:\Program Files (x86)\VSO
2014-03-20 17:33:46 ----D---- C:\Saves
2014-03-18 15:20:22 ----RA---- C:\Windows\SYSWOW64\tmpED0.tmp
2014-03-15 10:29:19 ----D---- C:\Program Files (x86)\Deadfall Adventures

======List of files/folders modified in the last 1 month======

2014-04-12 10:03:07 ----D---- C:\Windows\Prefetch
2014-04-12 10:02:57 ----D---- C:\Windows\Temp
2014-04-12 10:02:52 ----RD---- C:\Program Files
2014-04-12 09:38:13 ----RD---- C:\Program Files (x86)
2014-04-12 06:34:26 ----D---- C:\Windows\System32
2014-04-12 06:34:26 ----D---- C:\Windows\inf
2014-04-12 06:34:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-12 06:31:30 ----D---- C:\Program Files (x86)\WinZipper
2014-04-12 06:29:55 ----D---- C:\Windows\SysWOW64
2014-04-12 06:29:44 ----D---- C:\Program Files (x86)\Microsoft
2014-04-12 06:28:38 ----D---- C:\Windows\system32\config
2014-04-11 09:10:50 ----D---- C:\Program Files (x86)\SupTab
2014-04-11 09:10:49 ----D---- C:\ProgramData\IePluginService
2014-04-11 09:08:21 ----D---- C:\Windows
2014-04-10 19:25:35 ----D---- C:\Windows\Tasks
2014-04-10 19:25:35 ----D---- C:\Windows\system32\wfp
2014-04-10 19:25:33 ----D---- C:\Windows\system32\wbem
2014-04-10 19:24:34 ----D---- C:\Windows\winsxs
2014-04-10 19:24:34 ----D---- C:\Windows\system32\DriverStore
2014-04-10 19:24:34 ----D---- C:\Windows\system32\catroot2
2014-04-10 19:24:30 ----SHD---- C:\Windows\Installer
2014-04-10 19:24:30 ----D---- C:\Windows\system32\Tasks
2014-04-10 19:24:30 ----D---- C:\Windows\system32\CodeIntegrity
2014-04-10 19:24:28 ----D---- C:\Users\Shooty\AppData\Roaming\Wargaming.net
2014-04-10 19:24:28 ----D---- C:\Users\Shooty\AppData\Roaming\DOXXBet
2014-04-10 19:24:27 ----D---- C:\ProgramData\RObOSaVer
2014-04-10 19:24:27 ----D---- C:\ProgramData\McAfee Security Scan
2014-04-10 19:24:27 ----D---- C:\ProgramData\Fast And Safe
2014-04-10 19:24:27 ----D---- C:\ProgramData\Doawnload kkEeper
2014-04-10 19:24:27 ----D---- C:\ProgramData\BestSuaveForYoou
2014-04-10 19:24:27 ----D---- C:\ProgramData\AlLCheapPrice
2014-04-10 19:24:27 ----D---- C:\Program Files\WinRAR
2014-04-10 19:24:27 ----D---- C:\Program Files (x86)\PCMeter
2014-04-10 19:24:27 ----D---- C:\Program Files (x86)\ParadisePoker
2014-04-10 19:24:27 ----D---- C:\Program Files (x86)\HD Tune Pro
2014-04-10 19:24:26 ----D---- C:\Program Files (x86)\DVDFab 9
2014-04-10 19:24:26 ----D---- C:\Program Files (x86)\DVD Shrink
2014-04-10 19:24:26 ----D---- C:\Program Files (x86)\CDBurnerXP
2014-04-10 19:24:26 ----D---- C:\giminer
2014-04-10 19:24:20 ----D---- C:\Windows\registration
2014-04-10 19:24:08 ----D---- C:\Users\Shooty\AppData\Roaming\uTorrent
2014-04-10 19:24:05 ----HD---- C:\ProgramData
2014-04-10 19:23:54 ----D---- C:\Program Files (x86)\AMD AVT
2014-04-10 19:22:12 ----SHD---- C:\System Volume Information
2014-04-10 19:19:47 ----D---- C:\Users\Shooty\AppData\Roaming\Free YouTube to MP3 Converter Studio
2014-04-08 20:23:34 ----D---- C:\Users\Shooty\AppData\Roaming\DAEMON Tools Lite
2014-04-08 20:23:19 ----D---- C:\Windows\Panther
2014-04-08 20:23:19 ----D---- C:\Windows\Minidump
2014-04-08 20:23:19 ----D---- C:\Windows\Logs
2014-04-08 20:23:19 ----D---- C:\Windows\debug
2014-04-08 15:47:36 ----D---- C:\Users\Shooty\AppData\Roaming\vlc
2014-04-08 15:46:25 ----SD---- C:\Users\Shooty\AppData\Roaming\Microsoft
2014-04-08 15:46:20 ----D---- C:\Users\Shooty\AppData\Roaming\dvdcss
2014-04-07 15:24:14 ----SHD---- C:\Config.Msi
2014-04-05 18:40:13 ----RSD---- C:\Windows\Fonts
2014-03-30 14:46:29 ----D---- C:\Users\Shooty\AppData\Roaming\Litecoin
2014-03-30 08:51:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 13:39:34 ----D---- C:\Program Files (x86)\Mozilla Firefox.bak
2014-03-29 13:13:24 ----RSD---- C:\Windows\assembly
2014-03-24 23:09:02 ----D---- C:\Windows\SYSWOW64\directx
2014-03-24 17:16:59 ----D---- C:\Windows\system32\NDF
2014-03-23 18:15:33 ----D---- C:\Windows\system32\drivers
2014-03-23 18:15:32 ----D---- C:\Windows\system32\catroot
2014-03-22 11:16:47 ----D---- C:\Windows\rescache
2014-03-22 11:00:54 ----D---- C:\Windows\Microsoft.NET
2014-03-22 00:50:17 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-03-22 00:49:14 ----D---- C:\Windows\SYSWOW64\en-US
2014-03-22 00:49:14 ----D---- C:\Windows\system32\en-US
2014-03-21 23:05:35 ----D---- C:\Program Files (x86)\Common Files
2014-03-21 22:48:29 ----D---- C:\ProgramData\AdRemouveerrUTubbe
2014-03-21 22:48:29 ----D---- C:\Program Files\Google
2014-03-21 22:48:29 ----D---- C:\Program Files (x86)\Google
2014-03-21 22:47:28 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-03-21 22:47:28 ----D---- C:\Windows\system32\sk-SK
2014-03-21 22:47:28 ----D---- C:\Program Files (x86)\Internet Explorer
2014-03-21 22:47:27 ----D---- C:\Program Files\Internet Explorer
2014-03-21 22:45:36 ----D---- C:\ProgramData\a41e02de15ae553a
2014-03-21 22:44:00 ----D---- C:\ProgramData\Google
2014-03-21 22:34:33 ----D---- C:\Windows\system32\MRT
2014-03-21 21:05:32 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-03-21 17:11:36 ----D---- C:\Program Files (x86)\OpenAL
2014-03-21 17:11:36 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2014-03-21 17:11:36 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2014-03-21 17:11:36 ----A---- C:\Windows\system32\wrap_oal.dll
2014-03-21 17:11:36 ----A---- C:\Windows\system32\OpenAL32.dll
2014-03-20 19:44:17 ----D---- C:\ProgramData\vsosdk

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-07-01 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-20 59648]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-21 146432]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 13207552]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-12-06 626176]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2012-08-07 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2012-08-07 88832]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-04-12 25640]
R3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2014-04-12 30528]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2012-05-04 2196592]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\Shooty\AppData\Local\Temp\tmp74C1.tmp []
S3 AODDriver;AODDriver; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-08-20 103576]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2013-08-18 25640]
S3 GPCIDrv;GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys []
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2007-03-27 10550272]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBPNPA;USB PnP Sound Device Interface; C:\Windows\system32\drivers\CM10864.sys [2013-01-16 1310720]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 XFDriver64;XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys []
S4 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 64af91bf;Fast And Safe; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-12-06 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-06 344064]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IePluginService;IePlugin Service; C:\ProgramData\IePluginService\PluginService.exe [2014-04-11 705136]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-05-04 27760]
R2 winzipersvc;WinZiper service; C:\Program Files (x86)\WinZipper\winzipersvc.exe [2014-02-26 425104]
R2 Wpm;Wpm Service; C:\ProgramData\WPM\wprotectmanager.exe [2014-02-26 501904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-09 51648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 116648]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-03-21 218112]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2014-03-21 131072]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-29 119408]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

Re: Please check the log

Posted: 12 Apr 2014 09:13
by vyosek
Hello :)

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch the license terms are displayed; press any key
  • A backup is created and then the search runs
  • The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts, and then a log appears, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: Please check the log

Posted: 12 Apr 2014 09:43
by andrei55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Shooty on so 12. 04. 2014 at 10:34:14,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys



~~~ Files

Successfully disinfected: [Shortcut] C:\Users\Shooty\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Shooty\AppData\Roaming\mozilla\firefox\profiles\ohg90lin.default\user.js
Successfully deleted: [File] C:\Users\Shooty\AppData\Roaming\mozilla\firefox\profiles\ohg90lin.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Shooty\AppData\Roaming\mozilla\firefox\profiles\ohg90lin.default\extensions\gophoto@gophoto.it.xpi
Successfully deleted the following from C:\Users\Shooty\AppData\Roaming\mozilla\firefox\profiles\ohg90lin.default\prefs.js

user_pref("extensions.4uZ9PcZhX.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexO
user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 3&tsp=5193");
user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 3&tsp=5193");
user_pref("extensions.crossrider.bic", "144e660f59fc43e74afa5904a226e6d6");
user_pref("extensions.jKP6o.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"
Emptied folder: C:\Users\Shooty\AppData\Roaming\mozilla\firefox\profiles\ohg90lin.default\minidumps [109 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 12. 04. 2014 at 10:43:18,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





# AdwCleaner v3.023 - Report created 12/04/2014 at 10:46:14
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Shooty - SHOOTY-PC
# Running from : C:\Users\Shooty\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IePluginService
Service Deleted : winzipersvc
Service Deleted : Wpm

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AllCheapPrice
Folder Deleted : C:\ProgramData\IePluginService
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\WPM
[/!\] Not Deleted ( Junction ) : C:\ProgramData\AlLCheapPrice
Folder Deleted : C:\ProgramData\Doawnload kkEeper
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\AllCheapPrice
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\Doawnload kkEeper
Folder Deleted : C:\Users\Shooty\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Shooty\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Shooty\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Shooty\Documents\Mobogenie
Folder Deleted : C:\Users\andrej\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\andrej\AppData\Roaming\Mozilla\Firefox\Profiles\hmx8w4fn.default\Extensions\d-a3gqf@fb-osmkvdi.com
Folder Deleted : C:\Users\andrej\AppData\Roaming\Mozilla\Firefox\Profiles\hmx8w4fn.default\Extensions\staged
File Deleted : C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default\searchplugins\buenosearch.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\IePlugin
Key Deleted : HKLM\Software\qone8Software
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\winzipersvc
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\supTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (sk)

[ File : C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default\prefs.js ]

Line Deleted : user_pref("extensions.4uZ9PcZhX.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.i[...]
Line Deleted : user_pref("extensions.jKP6o.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.index[...]

[ File : C:\Users\andrej\AppData\Roaming\Mozilla\Firefox\Profiles\hmx8w4fn.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [7802 octets] - [12/04/2014 10:45:42]
AdwCleaner[S0].txt - [6300 octets] - [12/04/2014 10:46:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6360 octets] ##########

Re: Please check the log

Posted: 12 Apr 2014 10:06
by vyosek
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako spravce
  • Paste the script below into the window

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC performs the repair, restarts, and gives you a log; paste its contents here

Re: Please check the log

Posted: 12 Apr 2014 10:54
by andrei55
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Shooty on so 12. 04. 2014 at 11:37:31,16.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Shooty\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12. 4. 2014 11:38:25 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8DCC497-97C3-F37B-5DDD-C21E98F1AA50} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A8DCC497-97C3-F37B-5DDD-C21E98F1AA50} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A8DCC497-97C3-F37B-5DDD-C21E98F1AA50} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{A8DCC497-97C3-F37B-5DDD-C21E98F1AA50} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8DCC497-97C3-F37B-5DDD-C21E98F1AA50} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\andrej\AppData\Roaming\Mozilla\Firefox\Profiles\hmx8w4fn.default\prefs.js:

Added to C:\Users\andrej\AppData\Roaming\Mozilla\Firefox\Profiles\hmx8w4fn.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default\prefs.js:

Added to C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\andrej\AppData\Roaming\Mozilla\Firefox\Profiles\hmx8w4fn.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_201412.04._1147_.backup

ProfilePath: C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default

user.js not found
---- Lines buenosearch removed from prefs.js ----
user_pref("extensions.buenosearch.admin", false);
user_pref("extensions.buenosearch.aflt", "babsst");
user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
user_pref("extensions.buenosearch.autoRvrt", "false");
user_pref("extensions.buenosearch.bbDpng", "21");
user_pref("extensions.buenosearch.cntry", "SK");
user_pref("extensions.buenosearch.dfltLng", "en");
user_pref("extensions.buenosearch.excTlbr", false);
user_pref("extensions.buenosearch.ffxUnstlRst", true);
user_pref("extensions.buenosearch.hdrMd5", "8DB22C88E8260EF323A7609FC6FFDE90");
user_pref("extensions.buenosearch.id", "be762885000000000000902b34a87ad2");
user_pref("extensions.buenosearch.instlDay", "16150");
user_pref("extensions.buenosearch.instlRef", "sst");
user_pref("extensions.buenosearch.lastB", "chrome://branding/locale/browserconfig.properties");
user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.721:42:00");
user_pref("extensions.buenosearch.newTab", false);
user_pref("extensions.buenosearch.prdct", "buenosearch");
user_pref("extensions.buenosearch.prtnrId", "buenosearch");
user_pref("extensions.buenosearch.rvrt", "false");
user_pref("extensions.buenosearch.sg", "azb");
user_pref("extensions.buenosearch.smplGrp", "none");
user_pref("extensions.buenosearch.tlbrId", "base");
user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
user_pref("extensions.buenosearch.vrsnTs", "1.8.28.721:42:00");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.4uZ9PcZhX removed from prefs.js ----
user_pref("extensions.4uZ9PcZhX.epoch", "1395496306");
user_pref("extensions.4uZ9PcZhX.url", "http://foreveryshare.ru/sync2/?q=hfZ9oe ... rTwFrHkFqd
---- Lines extensions.jKP6o removed from prefs.js ----
user_pref("extensions.jKP6o.epoch", "1395496306");
user_pref("extensions.jKP6o.url", "http://veteranusashare.ru/sync2/?q=hfZ9 ... sFrjr8rjn7
---- FireFox user.js and prefs.js backups ----

prefs_201412.04._1147_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\mllnkeejicmgmfccogiaehlbgfkdbghc deleted
C:\Users\andrej\AppData\LocalLow\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted
C:\Users\andrej\AppData\LocalLow\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted
C:\Users\andrej\AppData\LocalLow\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted
C:\Users\Shooty\AppData\LocalLow\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted
C:\Users\Shooty\AppData\LocalLow\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted
C:\Users\Shooty\AppData\LocalLow\{A8DCC497-97C3-F37B-5DDD-C21E98F1AA50} deleted
C:\Users\Shooty\AppData\LocalLow\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted
C:\Users\Shooty\AppData\LocalLow\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted
C:\Users\Shooty\AppData\Local\Packages\windows_ie_ac_001\AC\{A8DCC497-97C3-F37B-5DDD-C21E98F1AA50} deleted
C:\Users\Shooty\AppData\Local\Packages\windows_ie_ac_001\AC\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{16C3013E-33EF-329E-9170-3CA521C6FC77} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{804EFDB0-D68E-4C91-3BF0-25C07AC715DD} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{C2E8EFBF-FF58-C337-0D99-C0BD27A5B6E2} deleted
C:\PROGRA~3\Fast And Safe deleted
C:\PROGRA~3\a41e02de15ae553a deleted
C:\Users\Shooty\daemonprocess.txt deleted
C:\Users\Shooty\.android deleted
C:\PROGRA~3\AdRemouveerrUTubbe deleted
C:\PROGRA~2\AdRemouveerrUTubbe deleted
C:\PROGRA~3\RObOSaVer deleted
C:\PROGRA~3\BestSuaveForYoou deleted
C:\Users\Shooty\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Shooty\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\Syswow64\tmp584D.tmp deleted
C:\Windows\Syswow64\tmp585D.tmp deleted
C:\Windows\Syswow64\tmpED0.tmp deleted
C:\Windows\Syswow64\tmpEE1.tmp deleted
C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default\extensions\firefox@mega.co.nz.xpi deleted
"C:\Users\Shooty\AppData\Local\LumaEmu" deleted
"C:\PROGRA~3\kkimddgobmahpbdbbmgggkjieojggmko\kkimddgobmahpbdbbmgggkjieojggmko.crx" deleted
"C:\PROGRA~3\kkimddgobmahpbdbbmgggkjieojggmko\update.xml" deleted
"C:\PROGRA~3\kkimddgobmahpbdbbmgggkjieojggmko" deleted
"C:\Users\Shooty\AppData\Roaming\Vso" deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\AVG SafeGuard toolbar" deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default
95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
B33B016B77560C7832BF4D311EA23328 - C:\Users\Shooty\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted successfully
HKEY_USERS\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF4E598B-6457-A5B6-512F-3D1B1A43996E} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D1CAD6B-7320-6FA5-70B0-B5C1CC7E9A35} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\andrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\andrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Shooty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\andrej\AppData\Local\Mozilla\Firefox\Profiles\hmx8w4fn.default\Cache emptied successfully
C:\Users\Shooty\AppData\Local\Mozilla\Firefox\Profiles\ohg90lin.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=123 folders=69 39956545 bytes)

==== Empty Temp Folders ======================

C:\Users\andrej\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Shooty\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Shooty\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 12. 04. 2014 at 11:52:43,76 ======================

Re: Please check the log

Posted: 12 Apr 2014 11:45
by vyosek

Re: Please check the log

Posted: 12 Apr 2014 12:26
by andrei55
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014
Ran by Shooty (administrator) on SHOOTY-PC on 12-04-2014 12:55:58
Running from C:\Users\Shooty\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AddGadgets) C:\Program Files (x86)\PCMeter\PCMeterV0.3.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\vsnpstd3.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\mst.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\cpu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Shooty\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cm108Sound] - C:\Windows\Syswow64\cm108.dll [8757248 2013-01-16] (C-Media Corporation)
HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe [83608 2007-03-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [102400 2014-03-21] ()
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,d:\agricultural simulator 2013 - steam edition\agrarsimulator2013srvsrv.exe,c:\program files (x86)\microsoft\desktoplayer.exe,c:\users\shooty\appdata\local\31eb9ad1-7f66-4620-0dc1-7a1d7e816373\31eb9ad1-7f66-4620-0dc1-7a1d7e816373srv.exe [X]
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-28] (Raptr, Inc)
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [Torntv Downloader] - C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [Microsoft Application Manager] - C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\mst.exe [193536 2014-03-26] ()
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\MountPoints2: {732d425c-e25a-11e2-be4f-902b34a87ad2} - F:\setup.exe
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x87A456B3EE5ECE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Shooty\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S2 64af91bf; "C:\Windows\system32\rundll32.exe" "c:\progra~3\fastan~1\FastAndSafeSvc.dll",service

==================== Drivers (Whitelisted) ====================

S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-01] (DT Soft Ltd)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-04-12] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Shooty\AppData\Local\Temp\tmp6CA6.tmp [X]
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-12 12:55 - 2014-04-12 12:56 - 00010312 _____ () C:\Users\Shooty\Desktop\FRST.txt
2014-04-12 12:55 - 2014-04-12 12:55 - 00000000 ____D () C:\FRST
2014-04-12 12:54 - 2014-04-12 12:54 - 00112640 _____ (forum.viry.cz) C:\Users\Shooty\Desktop\FRSTLauncher.exe
2014-04-12 12:53 - 2014-04-12 12:53 - 02157056 _____ (Farbar) C:\Users\Shooty\Desktop\FRST64.exe
2014-04-12 11:50 - 2014-04-12 11:37 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-12 11:38 - 2014-04-12 11:52 - 00020918 _____ () C:\zoek-results.log
2014-04-12 11:37 - 2014-04-12 11:47 - 00000000 ____D () C:\zoek_backup
2014-04-12 11:36 - 2014-04-12 11:36 - 01285120 _____ () C:\Users\Shooty\Desktop\zoek.exe
2014-04-12 10:47 - 2014-04-12 11:51 - 00000890 _____ () C:\Windows\PFRO.log
2014-04-12 10:45 - 2014-04-12 10:46 - 00000000 ____D () C:\AdwCleaner
2014-04-12 10:26 - 2014-04-12 10:26 - 01426178 _____ () C:\Users\Shooty\Desktop\adwcleaner.exe
2014-04-12 10:25 - 2014-04-12 10:25 - 00000000 ____D () C:\Windows\ERUNT
2014-04-12 10:24 - 2014-04-12 10:24 - 01016261 _____ (Thisisu) C:\Users\Shooty\Desktop\JRT.exe
2014-04-12 10:02 - 2014-04-12 10:04 - 00000000 ____D () C:\rsit
2014-04-12 10:02 - 2014-04-12 10:04 - 00000000 ____D () C:\Program Files\trend micro
2014-04-12 10:02 - 2014-04-12 10:02 - 00935175 _____ () C:\Users\Shooty\Downloads\RSITx64.exe
2014-04-12 09:38 - 2014-04-12 09:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-12 09:37 - 2014-04-12 09:37 - 02347384 _____ (ESET) C:\Users\Shooty\Downloads\esetsmartinstaller_csy.exe
2014-04-11 09:08 - 2014-04-12 11:52 - 00000224 _____ () C:\Windows\setupact.log
2014-04-11 09:08 - 2014-04-11 09:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 19:07 - 2014-04-10 19:07 - 00000172 _____ () C:\Users\Shooty\Downloads\wot_pref.zip
2014-04-10 18:40 - 2014-04-10 18:40 - 00000000 ____D () C:\Users\andrej\AppData\Roaming\AVAST Software
2014-04-10 14:58 - 2014-04-10 14:58 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\AVAST Software
2014-04-10 14:57 - 2014-04-10 14:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-10 14:57 - 2014-04-10 14:57 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-09 21:34 - 2014-04-10 08:55 - 810045473 ____R () C:\Users\Shooty\Downloads\vbt-sloal.mp4
2014-04-09 17:14 - 2014-04-09 21:29 - 00000000 ____D () C:\Users\Shooty\Downloads\Student Bodies [XXX]
2014-04-08 15:46 - 2014-04-12 12:46 - 00000368 _____ () C:\Windows\Tasks\updater.job
2014-04-08 15:46 - 2014-04-10 19:24 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Updater
2014-04-08 15:46 - 2014-04-08 15:46 - 00003306 _____ () C:\Windows\System32\Tasks\updater
2014-04-07 18:12 - 2014-04-07 18:12 - 00000000 ____D () C:\Users\Shooty\Downloads\peckr.mp4
2014-04-07 16:17 - 2014-04-07 17:50 - 2512269459 ____R () C:\Users\Shooty\Downloads\xcite.-college.rules.15.mp4
2014-04-07 15:25 - 2014-04-07 15:25 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Xilisoft
2014-04-07 15:25 - 2014-04-07 15:25 - 00000000 ____D () C:\Users\Shooty\AppData\Local\Xilisoft
2014-04-07 15:24 - 2014-04-07 15:24 - 00002170 _____ () C:\Users\Public\Desktop\Xilisoft MP4 to DVD Converter.lnk
2014-04-07 15:23 - 2014-04-07 15:23 - 00000000 ____D () C:\ProgramData\Xilisoft
2014-04-07 15:23 - 2014-04-07 15:23 - 00000000 ____D () C:\Program Files (x86)\Xilisoft
2014-04-06 09:32 - 2014-04-06 09:39 - 00000000 ____D () C:\Users\Shooty\Documents\i68Fifa14
2014-04-06 09:31 - 2014-04-06 09:31 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CSEP 14 1.1
2014-04-06 09:23 - 2014-04-06 09:29 - 204311091 _____ () C:\Users\Shooty\Downloads\CSEP14v1_1withFIX.exe
2014-04-05 23:22 - 2014-04-05 23:22 - 03690487 _____ () C:\Users\Shooty\Downloads\FIFA14_Updated_Rosters_05.04.2014_FIFAX.net.zip
2014-04-05 18:34 - 2014-04-05 18:34 - 00438160 _____ () C:\Users\Shooty\Downloads\Performers_Of_The_Year_2014_XXX_DVDRip_x264-CiCXXX.exe
2014-04-05 14:06 - 2014-04-10 15:12 - 01388526 _____ () C:\Users\Shooty\Downloads\vertminer-0.5.2.zip
2014-04-04 11:38 - 2014-04-04 11:38 - 00064573 _____ () C:\Users\Shooty\Downloads\Multiload_grabber_V20.zip
2014-03-30 14:44 - 2014-03-30 14:44 - 00000507 _____ () C:\Users\Public\Desktop\Cabela's Big Game Hunter Pro Hunts.lnk
2014-03-30 09:30 - 2014-03-30 10:34 - 00000000 ____D () C:\Users\Shooty\Downloads\Cabelas.Big.Game.Hunter.Pro.Hunts-RELOADED
2014-03-29 13:28 - 2014-03-29 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 13:14 - 2014-03-29 13:14 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Milestone
2014-03-29 13:12 - 2014-03-29 13:12 - 00000345 _____ () C:\Users\Public\Desktop\MXGP.lnk
2014-03-26 16:17 - 2014-03-26 16:17 - 00000000 ____D () C:\Users\Shooty\Documents\Banished
2014-03-25 22:54 - 2014-03-25 22:54 - 00000000 ____D () C:\Users\Shooty\Desktop\banished
2014-03-25 22:46 - 2014-03-26 22:46 - 00000000 ____D () C:\Users\Shooty\Downloads\Banished.x32.x64
2014-03-25 15:47 - 2014-03-25 15:47 - 305065377 _____ () C:\Users\Shooty\Desktop\patch Drivable Vehicles machete.zip
2014-03-25 12:12 - 2014-03-25 12:12 - 00031045 _____ () C:\Users\Shooty\Downloads\[kickass.to]dayz.standalone.v.0.42.116002.2014.pc.alpha.torrent
2014-03-25 11:24 - 2014-03-25 11:24 - 07188536 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\vcredist_x64.exe
2014-03-25 11:24 - 2014-03-25 11:24 - 06498200 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\vcredist_x86(1).exe
2014-03-25 11:24 - 2014-03-25 11:24 - 01415888 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\vcredist_arm.exe
2014-03-25 11:23 - 2014-03-25 11:23 - 02723264 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\vcredist_x86.exe
2014-03-24 22:49 - 2014-03-24 22:49 - 05124743 _____ (DayZ.ml Team) C:\Users\Shooty\Downloads\DayZ_update_v1.0.03.exe
2014-03-24 21:36 - 2014-03-24 21:37 - 13987015 _____ () C:\Users\Shooty\Downloads\DayZ SA Multiplayer Crack.zip
2014-03-23 19:28 - 2014-03-23 19:28 - 00014426 _____ () C:\Users\Shooty\Downloads\v28_IP_Finder.bat
2014-03-23 18:41 - 2014-03-25 12:12 - 00000118 _____ () C:\Users\Shooty\Desktop\Nový textový dokument (3).txt
2014-03-23 18:16 - 2014-03-24 17:45 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-03-23 18:15 - 2014-03-25 17:54 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Tunngle
2014-03-23 18:15 - 2014-03-23 18:15 - 00000000 ____D () C:\Users\Shooty\Documents\Tunngle
2014-03-23 18:15 - 2009-09-16 08:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-03-23 18:08 - 2014-03-23 18:08 - 04055968 _____ (Tunngle.net GmbH ) C:\Users\Shooty\Downloads\Tunngle_Setup_v4.5.1.4b.exe
2014-03-23 18:07 - 2014-03-23 18:07 - 00944894 _____ () C:\Users\Shooty\Desktop\dayz_alpha_mpfix.rar
2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\ProgramData\LumaEmu_SteamCloud
2014-03-23 17:51 - 2014-03-25 11:13 - 00000000 ____D () C:\Users\Shooty\AppData\Local\DayZ
2014-03-23 17:51 - 2014-03-23 17:51 - 00000000 ____D () C:\Users\Shooty\Documents\DayZ
2014-03-23 16:56 - 2014-03-23 16:56 - 00000000 ____D () C:\Users\Shooty\AppData\Local\Skyrim
2014-03-23 16:54 - 2014-03-23 16:54 - 00000667 _____ () C:\Users\Public\Desktop\The Elder Scrolls V Skyrim LE.lnk
2014-03-23 15:33 - 2014-03-23 15:33 - 00002938 _____ () C:\Windows\System32\Tasks\{9D83F411-DF10-40A6-8F4C-3A59ECA6ABC8}
2014-03-23 15:33 - 2014-03-23 15:33 - 00002938 _____ () C:\Windows\System32\Tasks\{2E290E47-67CC-4B7F-902F-76BA0B3D35E7}
2014-03-22 10:34 - 2014-03-23 16:29 - 00000000 ____D () C:\Users\Shooty\Downloads\The Elder Scrolls V Skyrim Legendary Edition - t2k9
2014-03-22 00:55 - 2014-03-22 00:55 - 00003008 _____ () C:\Windows\System32\Tasks\{8B90F331-097E-4345-A504-8199225139AB}
2014-03-22 00:54 - 2014-03-22 00:54 - 00003008 _____ () C:\Windows\System32\Tasks\{2094D23A-BD5D-4B3D-8425-4543B025A147}
2014-03-22 00:39 - 2014-03-22 00:45 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\Shooty\Downloads\13-12_win7_win8_64_dd_ccc_whql(1).exe
2014-03-22 00:20 - 2014-03-22 00:20 - 00003142 _____ () C:\Windows\System32\Tasks\{2E47347C-47A9-4F66-9FB6-BBFD90CAE975}
2014-03-22 00:19 - 2014-03-22 00:19 - 00292184 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\dxwebsetup(1).exe
2014-03-22 00:03 - 2014-03-22 00:06 - 108279664 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\directx.exe
2014-03-21 22:59 - 2014-03-21 22:59 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-03-21 22:42 - 2014-04-10 19:24 - 00000000 ____D () C:\Users\Shooty\AppData\Local\31eb9ad1-7f66-4620-0dc1-7a1d7e816373
2014-03-21 22:40 - 2014-03-21 22:40 - 00450328 _____ () C:\Users\Shooty\Downloads\Agricultural_Simulator_2013_SKIDROW.exe
2014-03-21 22:37 - 2013-12-21 11:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-21 22:37 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-21 22:33 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-21 22:33 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-21 22:33 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-21 22:33 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-21 22:33 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-21 22:33 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-21 22:33 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-21 22:33 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-21 22:33 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-21 22:33 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-21 22:33 - 2014-02-23 10:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-21 22:33 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-21 22:33 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-21 22:33 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-21 22:33 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-21 22:33 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-21 22:33 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-21 22:33 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-21 22:33 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-21 22:33 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-21 22:33 - 2014-02-23 07:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-21 22:33 - 2014-02-23 07:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-21 22:30 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-21 22:29 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-21 22:29 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-21 22:29 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-21 22:29 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-21 22:29 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-21 22:29 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-21 22:29 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-21 22:29 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-21 22:29 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-21 22:29 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-21 22:29 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-21 22:29 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-21 22:29 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-21 22:29 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-21 22:29 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-21 22:29 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-21 22:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-21 22:29 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-21 22:29 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-21 22:29 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-21 22:29 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-21 22:29 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-21 22:29 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-21 22:29 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-21 22:29 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-21 22:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-21 22:29 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-21 22:29 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-21 22:29 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-21 22:29 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-21 22:29 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-21 22:29 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-21 22:29 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-21 22:29 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-21 22:29 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-21 22:29 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-21 22:29 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-21 22:29 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-21 22:29 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-21 22:29 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-21 22:29 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-21 22:29 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-21 22:28 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-21 22:08 - 2014-03-21 22:09 - 45099266 _____ () C:\Users\Shooty\Downloads\DirectX_11_Technology_Update_US.zip
2014-03-21 22:05 - 2014-04-12 11:53 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Raptr
2014-03-21 22:05 - 2014-03-21 22:05 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\library_dir
2014-03-21 22:04 - 2014-04-10 19:24 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-03-21 22:04 - 2014-03-21 22:04 - 01007930 _____ () C:\Users\Shooty\Downloads\amddriverdownload_installer.exe
2014-03-21 21:41 - 2014-03-21 21:41 - 00000000 ____D () C:\Users\Shooty\Downloads\Agricultural.Simulator.2013-SKIDROW
2014-03-21 21:37 - 2014-03-21 21:37 - 01218772 _____ () C:\Users\Shooty\Downloads\AGRICULTURAL.SIMULATOR.2K13.V1.0.ALL.SKIDROW.NODVD.ZIP
2014-03-21 21:30 - 2014-03-21 21:31 - 01244829 _____ () C:\Users\Shooty\Downloads\Farming-Simulator-2013-Crack-(HeadShot.cz).zip
2014-03-21 21:12 - 2014-03-21 21:12 - 00292184 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\dxwebsetup.exe
2014-03-21 21:05 - 2014-03-21 21:05 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-21 21:03 - 2014-03-21 21:04 - 28080640 _____ () C:\Users\Shooty\Downloads\PhysX-9.13.0604-SystemSoftware.msi
2014-03-21 20:58 - 2014-03-21 20:58 - 00003008 _____ () C:\Windows\System32\Tasks\{FA6AA6BD-A56D-43FF-A22D-103E5C6E978F}
2014-03-21 20:55 - 2014-03-21 20:55 - 00686456 _____ ( ) C:\Users\Shooty\Downloads\nvidia-physx.exe
2014-03-21 20:43 - 2014-03-21 20:43 - 00003008 _____ () C:\Windows\System32\Tasks\{EFA0E45C-5BDE-4711-9ADC-1BB49250665B}
2014-03-21 20:43 - 2014-03-21 20:43 - 00003008 _____ () C:\Windows\System32\Tasks\{E340860C-039A-4E33-B825-5D9F5737C54C}
2014-03-21 20:40 - 2014-03-21 20:40 - 00061440 _____ () C:\Users\Shooty\Downloads\Crack-na-farming-simulator-2013.iso
2014-03-21 17:17 - 2014-03-21 17:17 - 00000000 ____D () C:\Users\Shooty\Documents\Assassin's Creed Freedom Cry
2014-03-21 17:11 - 2012-12-10 17:21 - 00163376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-21 17:11 - 2012-11-26 12:10 - 00221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx
2014-03-21 17:11 - 2012-07-06 21:03 - 00617816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2014-03-21 17:11 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2014-03-21 17:11 - 2011-01-12 14:36 - 01054208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll
2014-03-21 17:11 - 2011-01-12 14:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71deu.dll
2014-03-21 17:11 - 2011-01-12 14:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71ita.dll
2014-03-21 17:11 - 2011-01-12 14:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71fra.dll
2014-03-21 17:11 - 2011-01-12 14:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71esp.dll
2014-03-21 17:11 - 2011-01-12 14:25 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71enu.dll
2014-03-21 17:11 - 2011-01-12 14:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71kor.dll
2014-03-21 17:11 - 2011-01-12 14:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71jpn.dll
2014-03-21 17:11 - 2011-01-12 14:25 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71cht.dll
2014-03-21 17:11 - 2011-01-12 14:25 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71chs.dll
2014-03-21 17:11 - 2011-01-12 13:53 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2014-03-21 17:11 - 2010-02-16 15:22 - 00659264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00443488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshflxgd.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00415552 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\comct332.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00278352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatgrd.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00258880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msflxgrd.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00252240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatlst.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00222528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dblist32.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00218432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00215880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mci32.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00178512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmask32.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00170080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00136008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll
2014-03-21 17:11 - 2010-02-16 15:22 - 00126800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00119616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomm32.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00107840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll
2014-03-21 17:11 - 2010-02-16 15:22 - 00100160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\picclp32.ocx
2014-03-21 17:11 - 2010-02-16 15:22 - 00080208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysinfo.ocx
2014-03-21 17:11 - 2007-02-01 23:13 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-21 17:11 - 2007-01-30 23:04 - 00339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-03-21 17:11 - 2006-08-26 01:28 - 01017344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70u.dll
2014-03-21 17:11 - 2006-08-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70ita.dll
2014-03-21 17:11 - 2006-08-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70fra.dll
2014-03-21 17:11 - 2006-08-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70esp.dll
2014-03-21 17:11 - 2006-08-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70deu.dll
2014-03-21 17:11 - 2006-08-26 01:15 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70enu.dll
2014-03-21 17:11 - 2006-08-26 01:15 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70kor.dll
2014-03-21 17:11 - 2006-08-26 01:15 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70jpn.dll
2014-03-21 17:11 - 2006-08-26 01:15 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70cht.dll
2014-03-21 17:11 - 2006-08-26 01:15 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70chs.dll
2014-03-21 17:11 - 2006-08-26 01:07 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
2014-03-21 17:11 - 2006-08-26 00:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl70.dll
2014-03-21 17:11 - 2006-04-10 14:41 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl32.ocx
2014-03-21 17:11 - 2005-01-20 20:25 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvci70.dll
2014-03-21 17:11 - 2002-01-05 06:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2014-03-21 17:11 - 2001-08-23 01:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll
2014-03-21 17:11 - 1996-01-12 04:00 - 00722192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb40032.dll
2014-03-21 17:11 - 1993-07-23 20:31 - 00210944 _____ () C:\Windows\SysWOW64\msvcrt10.dll
2014-03-21 17:00 - 2014-03-21 17:00 - 00000677 _____ () C:\Users\Public\Desktop\Assassins Creed Freedom Cry (2014) - Repack by Danik1B9.lnk
2014-03-20 23:06 - 2014-03-20 23:50 - 1527250944 ____R () C:\Users\Shooty\Downloads\Traktor Simulator 4 CZ - t2k9.iso
2014-03-20 19:30 - 2014-03-20 21:17 - 00000000 ____D () C:\Users\Shooty\Documents\ConvertXtoDVD
2014-03-20 19:28 - 2014-03-20 19:29 - 00000000 ____D () C:\ProgramData\VSO
2014-03-20 19:28 - 2014-03-20 19:28 - 00099384 _____ () C:\Users\Shooty\AppData\Roaming\inst.exe
2014-03-20 19:28 - 2014-03-20 19:28 - 00082816 _____ (VSO Software) C:\Users\Shooty\AppData\Roaming\pcouffin.sys
2014-03-20 19:28 - 2014-03-20 19:28 - 00007859 _____ () C:\Users\Shooty\AppData\Roaming\pcouffin.cat
2014-03-20 19:28 - 2014-03-20 19:28 - 00001228 _____ () C:\Users\Shooty\Desktop\ConvertXToDVD 5.lnk
2014-03-20 19:28 - 2014-03-20 19:28 - 00000055 _____ () C:\Users\Shooty\AppData\Roaming\pcouffin.log
2014-03-20 19:28 - 2014-03-20 19:28 - 00000000 ____D () C:\Users\Shooty\Documents\PcSetup
2014-03-20 19:28 - 2014-03-20 19:28 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-03-20 19:27 - 2014-03-20 19:28 - 31830344 _____ (VSO Software ) C:\Users\Shooty\Downloads\vsoConvertXtoDVD5_setup.exe
2014-03-20 17:33 - 2014-03-20 17:33 - 00000000 ____D () C:\Saves
2014-03-20 14:36 - 2014-03-20 17:33 - 00000000 ____D () C:\Users\Shooty\Documents\Assassin's Creed Liberation HD
2014-03-19 17:17 - 2014-03-19 17:17 - 00000657 _____ () C:\Users\Public\Desktop\Assassin's Creed Liberation HD.lnk
2014-03-18 18:32 - 2014-03-18 23:56 - 00000000 ____D () C:\Users\Shooty\Downloads\Assassins.Creed.Liberation.HD-SKIDROW
2014-03-18 17:29 - 2014-03-18 17:29 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2014-03-18 14:23 - 2014-03-18 15:20 - 00000000 ____D () C:\Users\Shooty\Downloads\Assassin's Creed Freedom Cry
2014-03-17 20:15 - 2014-03-17 20:15 - 00000000 ____D () C:\Users\Shooty\Documents\Thief
2014-03-17 18:04 - 2014-03-17 18:04 - 00000762 _____ () C:\Users\Public\Desktop\Thief x64.lnk
2014-03-16 19:28 - 2014-03-17 02:25 - 00000000 ____D () C:\Users\Shooty\Downloads\Thief
2014-03-16 18:41 - 2014-03-16 18:41 - 00000685 _____ () C:\Users\Public\Desktop\Lost Planet 3.lnk
2014-03-15 10:29 - 2014-03-15 10:35 - 00000000 ____D () C:\Program Files (x86)\Deadfall Adventures
2014-03-14 23:29 - 2014-03-15 00:24 - 00000000 ____D () C:\Users\Shooty\Downloads\Deadfall Adventures (CZ.MULTi7) [Repack] by 'Teag
2014-03-14 23:16 - 2014-03-16 00:43 - 00000000 ____D () C:\Users\Shooty\Downloads\Lost Planet 3

==================== One Month Modified Files and Folders =======

2014-04-12 12:56 - 2014-04-12 12:55 - 00010312 _____ () C:\Users\Shooty\Desktop\FRST.txt
2014-04-12 12:55 - 2014-04-12 12:55 - 00000000 ____D () C:\FRST
2014-04-12 12:54 - 2014-04-12 12:54 - 00112640 _____ (forum.viry.cz) C:\Users\Shooty\Desktop\FRSTLauncher.exe
2014-04-12 12:53 - 2014-04-12 12:53 - 02157056 _____ (Farbar) C:\Users\Shooty\Desktop\FRST64.exe
2014-04-12 12:52 - 2014-02-01 16:09 - 00000000 ____D () C:\Users\Shooty\Documents\FIFA 14
2014-04-12 12:46 - 2014-04-08 15:46 - 00000368 _____ () C:\Windows\Tasks\updater.job
2014-04-12 12:45 - 2013-06-01 19:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-12 12:00 - 2013-06-01 19:29 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-12 11:59 - 2009-07-14 07:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-12 11:59 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-12 11:59 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-12 11:55 - 2013-06-01 19:04 - 01333040 _____ () C:\Windows\WindowsUpdate.log
2014-04-12 11:53 - 2014-03-21 22:05 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Raptr
2014-04-12 11:52 - 2014-04-12 11:38 - 00020918 _____ () C:\zoek-results.log
2014-04-12 11:52 - 2014-04-11 09:08 - 00000224 _____ () C:\Windows\setupact.log
2014-04-12 11:52 - 2013-08-20 12:23 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-04-12 11:52 - 2013-06-01 22:25 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-04-12 11:52 - 2013-06-01 19:34 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-04-12 11:52 - 2013-06-01 19:29 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-12 11:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-12 11:51 - 2014-04-12 10:47 - 00000890 _____ () C:\Windows\PFRO.log
2014-04-12 11:47 - 2014-04-12 11:37 - 00000000 ____D () C:\zoek_backup
2014-04-12 11:47 - 2013-06-01 19:03 - 00000000 ____D () C:\Users\Shooty
2014-04-12 11:37 - 2014-04-12 11:50 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-12 11:36 - 2014-04-12 11:36 - 01285120 _____ () C:\Users\Shooty\Desktop\zoek.exe
2014-04-12 10:46 - 2014-04-12 10:45 - 00000000 ____D () C:\AdwCleaner
2014-04-12 10:26 - 2014-04-12 10:26 - 01426178 _____ () C:\Users\Shooty\Desktop\adwcleaner.exe
2014-04-12 10:25 - 2014-04-12 10:25 - 00000000 ____D () C:\Windows\ERUNT
2014-04-12 10:24 - 2014-04-12 10:24 - 01016261 _____ (Thisisu) C:\Users\Shooty\Desktop\JRT.exe
2014-04-12 10:04 - 2014-04-12 10:02 - 00000000 ____D () C:\rsit
2014-04-12 10:04 - 2014-04-12 10:02 - 00000000 ____D () C:\Program Files\trend micro
2014-04-12 10:02 - 2014-04-12 10:02 - 00935175 _____ () C:\Users\Shooty\Downloads\RSITx64.exe
2014-04-12 09:38 - 2014-04-12 09:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-12 09:37 - 2014-04-12 09:37 - 02347384 _____ (ESET) C:\Users\Shooty\Downloads\esetsmartinstaller_csy.exe
2014-04-11 09:08 - 2014-04-11 09:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 19:24 - 2014-04-08 15:46 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Updater
2014-04-10 19:24 - 2014-03-21 22:42 - 00000000 ____D () C:\Users\Shooty\AppData\Local\31eb9ad1-7f66-4620-0dc1-7a1d7e816373
2014-04-10 19:24 - 2014-03-21 22:04 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-10 19:24 - 2014-02-23 19:35 - 00000000 ____D () C:\giminer
2014-04-10 19:24 - 2014-02-23 18:48 - 00000000 ____D () C:\Users\Shooty\Downloads\guiminer
2014-04-10 19:24 - 2014-02-23 13:31 - 00000000 ____D () C:\Users\andrej
2014-04-10 19:24 - 2014-02-18 17:19 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\DOXXBet
2014-04-10 19:24 - 2014-01-05 19:35 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-10 19:24 - 2014-01-02 20:11 - 00000000 ____D () C:\Program Files (x86)\DVD Shrink
2014-04-10 19:24 - 2014-01-02 19:16 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9
2014-04-10 19:24 - 2013-12-30 18:32 - 00000000 ____D () C:\Users\Shooty\Downloads\Crack
2014-04-10 19:24 - 2013-12-20 13:27 - 00000000 ____D () C:\Program Files (x86)\ParadisePoker
2014-04-10 19:24 - 2013-11-02 16:29 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-04-10 19:24 - 2013-10-11 21:06 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Wargaming.net
2014-04-10 19:24 - 2013-07-06 00:35 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\uTorrent
2014-04-10 19:24 - 2013-06-01 19:44 - 00000000 ____D () C:\Program Files (x86)\PCMeter
2014-04-10 19:24 - 2013-06-01 19:42 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro
2014-04-10 19:24 - 2013-06-01 19:27 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-10 19:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-10 19:23 - 2014-02-20 17:18 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-10 19:19 - 2013-06-02 13:38 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Free YouTube to MP3 Converter Studio
2014-04-10 19:07 - 2014-04-10 19:07 - 00000172 _____ () C:\Users\Shooty\Downloads\wot_pref.zip
2014-04-10 18:40 - 2014-04-10 18:40 - 00000000 ____D () C:\Users\andrej\AppData\Roaming\AVAST Software
2014-04-10 18:40 - 2014-02-23 13:32 - 00108232 _____ () C:\Users\andrej\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-10 15:12 - 2014-04-05 14:06 - 01388526 _____ () C:\Users\Shooty\Downloads\vertminer-0.5.2.zip
2014-04-10 15:11 - 2014-02-23 19:09 - 00179065 _____ () C:\Users\Shooty\Downloads\pooler-cpuminer-2.3.2-win64(1).zip
2014-04-10 15:11 - 2014-02-20 14:55 - 07338430 _____ () C:\Users\Shooty\Downloads\cgminer-2.11.4-windows.zip
2014-04-10 15:10 - 2014-02-20 12:23 - 00179065 _____ () C:\Users\Shooty\Downloads\pooler-cpuminer-2.3.2-win64.zip
2014-04-10 15:10 - 2014-01-05 22:54 - 35594542 _____ () C:\Users\Shooty\Downloads\FIFA14-CRACK.3DM.rar
2014-04-10 15:09 - 2014-02-23 19:37 - 20656664 _____ () C:\Users\Shooty\Downloads\guiminer-scrypt_win32_binaries_v0.03(1).zip
2014-04-10 15:09 - 2014-02-23 19:10 - 01029534 _____ () C:\Users\Shooty\Downloads\bfgminer-3.5.7-win64.zip
2014-04-10 15:09 - 2014-02-23 13:23 - 24342204 _____ () C:\Users\Shooty\Downloads\guiminer-scrypt_win32_binaries_v0.04.zip
2014-04-10 15:09 - 2014-02-20 16:13 - 21696145 _____ () C:\Users\Shooty\Downloads\guiminer-scrypt_win32_binaries_v0.03.zip
2014-04-10 14:58 - 2014-04-10 14:58 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\AVAST Software
2014-04-10 14:57 - 2014-04-10 14:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-10 14:57 - 2014-04-10 14:57 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-10 08:55 - 2014-04-09 21:34 - 810045473 ____R () C:\Users\Shooty\Downloads\vbt-sloal.mp4
2014-04-09 22:15 - 2014-03-09 20:26 - 00009524 _____ () C:\Users\Shooty\Documents\TombRaider.log
2014-04-09 21:29 - 2014-04-09 17:14 - 00000000 ____D () C:\Users\Shooty\Downloads\Student Bodies [XXX]
2014-04-08 20:23 - 2013-07-01 23:17 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\DAEMON Tools Lite
2014-04-08 20:23 - 2013-06-27 21:02 - 00000000 ____D () C:\Windows\Minidump
2014-04-08 20:23 - 2013-06-02 04:56 - 00000000 ____D () C:\Windows\Panther
2014-04-08 15:47 - 2013-07-06 19:29 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\vlc
2014-04-08 15:46 - 2014-04-08 15:46 - 00003306 _____ () C:\Windows\System32\Tasks\updater
2014-04-08 15:46 - 2013-09-28 19:33 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\dvdcss
2014-04-07 18:12 - 2014-04-07 18:12 - 00000000 ____D () C:\Users\Shooty\Downloads\peckr.mp4
2014-04-07 17:50 - 2014-04-07 16:17 - 2512269459 ____R () C:\Users\Shooty\Downloads\xcite.-college.rules.15.mp4
2014-04-07 15:25 - 2014-04-07 15:25 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Xilisoft
2014-04-07 15:25 - 2014-04-07 15:25 - 00000000 ____D () C:\Users\Shooty\AppData\Local\Xilisoft
2014-04-07 15:24 - 2014-04-07 15:24 - 00002170 _____ () C:\Users\Public\Desktop\Xilisoft MP4 to DVD Converter.lnk
2014-04-07 15:23 - 2014-04-07 15:23 - 00000000 ____D () C:\ProgramData\Xilisoft
2014-04-07 15:23 - 2014-04-07 15:23 - 00000000 ____D () C:\Program Files (x86)\Xilisoft
2014-04-06 09:39 - 2014-04-06 09:32 - 00000000 ____D () C:\Users\Shooty\Documents\i68Fifa14
2014-04-06 09:31 - 2014-04-06 09:31 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CSEP 14 1.1
2014-04-06 09:29 - 2014-04-06 09:23 - 204311091 _____ () C:\Users\Shooty\Downloads\CSEP14v1_1withFIX.exe
2014-04-05 23:22 - 2014-04-05 23:22 - 03690487 _____ () C:\Users\Shooty\Downloads\FIFA14_Updated_Rosters_05.04.2014_FIFAX.net.zip
2014-04-05 18:41 - 2013-06-01 19:36 - 00108232 _____ () C:\Users\Shooty\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 18:41 - 2009-07-14 06:45 - 00417304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 18:34 - 2014-04-05 18:34 - 00438160 _____ () C:\Users\Shooty\Downloads\Performers_Of_The_Year_2014_XXX_DVDRip_x264-CiCXXX.exe
2014-04-04 11:38 - 2014-04-04 11:38 - 00064573 _____ () C:\Users\Shooty\Downloads\Multiload_grabber_V20.zip
2014-03-30 14:46 - 2014-02-20 00:48 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Litecoin
2014-03-30 14:44 - 2014-03-30 14:44 - 00000507 _____ () C:\Users\Public\Desktop\Cabela's Big Game Hunter Pro Hunts.lnk
2014-03-30 10:34 - 2014-03-30 09:30 - 00000000 ____D () C:\Users\Shooty\Downloads\Cabelas.Big.Game.Hunter.Pro.Hunts-RELOADED
2014-03-30 08:51 - 2014-01-05 18:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 13:39 - 2013-09-04 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-03-29 13:28 - 2014-03-29 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 13:14 - 2014-03-29 13:14 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Milestone
2014-03-29 13:12 - 2014-03-29 13:12 - 00000345 _____ () C:\Users\Public\Desktop\MXGP.lnk
2014-03-26 22:46 - 2014-03-25 22:46 - 00000000 ____D () C:\Users\Shooty\Downloads\Banished.x32.x64
2014-03-26 16:17 - 2014-03-26 16:17 - 00000000 ____D () C:\Users\Shooty\Documents\Banished
2014-03-25 22:54 - 2014-03-25 22:54 - 00000000 ____D () C:\Users\Shooty\Desktop\banished
2014-03-25 17:54 - 2014-03-23 18:15 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Tunngle
2014-03-25 15:47 - 2014-03-25 15:47 - 305065377 _____ () C:\Users\Shooty\Desktop\patch Drivable Vehicles machete.zip
2014-03-25 12:12 - 2014-03-25 12:12 - 00031045 _____ () C:\Users\Shooty\Downloads\[kickass.to]dayz.standalone.v.0.42.116002.2014.pc.alpha.torrent
2014-03-25 12:12 - 2014-03-23 18:41 - 00000118 _____ () C:\Users\Shooty\Desktop\Nový textový dokument (3).txt
2014-03-25 11:24 - 2014-03-25 11:24 - 07188536 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\vcredist_x64.exe
2014-03-25 11:24 - 2014-03-25 11:24 - 06498200 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\vcredist_x86(1).exe
2014-03-25 11:24 - 2014-03-25 11:24 - 01415888 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\vcredist_arm.exe
2014-03-25 11:23 - 2014-03-25 11:23 - 02723264 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\vcredist_x86.exe
2014-03-25 11:13 - 2014-03-23 17:51 - 00000000 ____D () C:\Users\Shooty\AppData\Local\DayZ
2014-03-24 23:09 - 2013-06-01 22:34 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-24 22:49 - 2014-03-24 22:49 - 05124743 _____ (DayZ.ml Team) C:\Users\Shooty\Downloads\DayZ_update_v1.0.03.exe
2014-03-24 21:37 - 2014-03-24 21:36 - 13987015 _____ () C:\Users\Shooty\Downloads\DayZ SA Multiplayer Crack.zip
2014-03-24 18:20 - 2013-11-22 14:24 - 00000144 _____ () C:\Users\Shooty\Desktop\Nový textový dokument (2).txt
2014-03-24 17:45 - 2014-03-23 18:16 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-03-24 17:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-23 19:28 - 2014-03-23 19:28 - 00014426 _____ () C:\Users\Shooty\Downloads\v28_IP_Finder.bat
2014-03-23 18:15 - 2014-03-23 18:15 - 00000000 ____D () C:\Users\Shooty\Documents\Tunngle
2014-03-23 18:08 - 2014-03-23 18:08 - 04055968 _____ (Tunngle.net GmbH ) C:\Users\Shooty\Downloads\Tunngle_Setup_v4.5.1.4b.exe
2014-03-23 18:07 - 2014-03-23 18:07 - 00944894 _____ () C:\Users\Shooty\Desktop\dayz_alpha_mpfix.rar
2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\ProgramData\LumaEmu_SteamCloud
2014-03-23 17:51 - 2014-03-23 17:51 - 00000000 ____D () C:\Users\Shooty\Documents\DayZ
2014-03-23 16:56 - 2014-03-23 16:56 - 00000000 ____D () C:\Users\Shooty\AppData\Local\Skyrim
2014-03-23 16:56 - 2013-10-19 17:51 - 00000000 ____D () C:\Users\Shooty\Documents\My Games
2014-03-23 16:54 - 2014-03-23 16:54 - 00000667 _____ () C:\Users\Public\Desktop\The Elder Scrolls V Skyrim LE.lnk
2014-03-23 16:29 - 2014-03-22 10:34 - 00000000 ____D () C:\Users\Shooty\Downloads\The Elder Scrolls V Skyrim Legendary Edition - t2k9
2014-03-23 15:37 - 2013-07-01 23:39 - 00000000 ____D () C:\Users\Shooty\AppData\Local\SKIDROW
2014-03-23 15:33 - 2014-03-23 15:33 - 00002938 _____ () C:\Windows\System32\Tasks\{9D83F411-DF10-40A6-8F4C-3A59ECA6ABC8}
2014-03-23 15:33 - 2014-03-23 15:33 - 00002938 _____ () C:\Windows\System32\Tasks\{2E290E47-67CC-4B7F-902F-76BA0B3D35E7}
2014-03-22 11:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-22 00:55 - 2014-03-22 00:55 - 00003008 _____ () C:\Windows\System32\Tasks\{8B90F331-097E-4345-A504-8199225139AB}
2014-03-22 00:54 - 2014-03-22 00:54 - 00003008 _____ () C:\Windows\System32\Tasks\{2094D23A-BD5D-4B3D-8425-4543B025A147}
2014-03-22 00:50 - 2013-06-01 19:31 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-22 00:45 - 2014-03-22 00:39 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\Shooty\Downloads\13-12_win7_win8_64_dd_ccc_whql(1).exe
2014-03-22 00:20 - 2014-03-22 00:20 - 00003142 _____ () C:\Windows\System32\Tasks\{2E47347C-47A9-4F66-9FB6-BBFD90CAE975}
2014-03-22 00:19 - 2014-03-22 00:19 - 00292184 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\dxwebsetup(1).exe
2014-03-22 00:06 - 2014-03-22 00:03 - 108279664 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\directx.exe
2014-03-21 22:59 - 2014-03-21 22:59 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-03-21 22:48 - 2013-06-01 19:30 - 00000000 ____D () C:\Program Files\Google
2014-03-21 22:48 - 2013-06-01 19:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-21 22:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-03-21 22:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-03-21 22:44 - 2013-06-01 19:29 - 00000000 ____D () C:\Users\Shooty\AppData\Local\Google
2014-03-21 22:44 - 2013-06-01 19:29 - 00000000 ____D () C:\ProgramData\Google
2014-03-21 22:40 - 2014-03-21 22:40 - 00450328 _____ () C:\Users\Shooty\Downloads\Agricultural_Simulator_2013_SKIDROW.exe
2014-03-21 22:34 - 2013-10-19 15:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-21 22:09 - 2014-03-21 22:08 - 45099266 _____ () C:\Users\Shooty\Downloads\DirectX_11_Technology_Update_US.zip
2014-03-21 22:05 - 2014-03-21 22:05 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\library_dir
2014-03-21 22:04 - 2014-03-21 22:04 - 01007930 _____ () C:\Users\Shooty\Downloads\amddriverdownload_installer.exe
2014-03-21 21:41 - 2014-03-21 21:41 - 00000000 ____D () C:\Users\Shooty\Downloads\Agricultural.Simulator.2013-SKIDROW
2014-03-21 21:37 - 2014-03-21 21:37 - 01218772 _____ () C:\Users\Shooty\Downloads\AGRICULTURAL.SIMULATOR.2K13.V1.0.ALL.SKIDROW.NODVD.ZIP
2014-03-21 21:31 - 2014-03-21 21:30 - 01244829 _____ () C:\Users\Shooty\Downloads\Farming-Simulator-2013-Crack-(HeadShot.cz).zip
2014-03-21 21:12 - 2014-03-21 21:12 - 00292184 _____ (Microsoft Corporation) C:\Users\Shooty\Downloads\dxwebsetup.exe
2014-03-21 21:05 - 2014-03-21 21:05 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-21 21:05 - 2013-06-01 19:26 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-21 21:04 - 2014-03-21 21:03 - 28080640 _____ () C:\Users\Shooty\Downloads\PhysX-9.13.0604-SystemSoftware.msi
2014-03-21 20:58 - 2014-03-21 20:58 - 00003008 _____ () C:\Windows\System32\Tasks\{FA6AA6BD-A56D-43FF-A22D-103E5C6E978F}
2014-03-21 20:55 - 2014-03-21 20:55 - 00686456 _____ ( ) C:\Users\Shooty\Downloads\nvidia-physx.exe
2014-03-21 20:43 - 2014-03-21 20:43 - 00003008 _____ () C:\Windows\System32\Tasks\{EFA0E45C-5BDE-4711-9ADC-1BB49250665B}
2014-03-21 20:43 - 2014-03-21 20:43 - 00003008 _____ () C:\Windows\System32\Tasks\{E340860C-039A-4E33-B825-5D9F5737C54C}
2014-03-21 20:40 - 2014-03-21 20:40 - 00061440 _____ () C:\Users\Shooty\Downloads\Crack-na-farming-simulator-2013.iso
2014-03-21 17:17 - 2014-03-21 17:17 - 00000000 ____D () C:\Users\Shooty\Documents\Assassin's Creed Freedom Cry
2014-03-21 17:11 - 2013-10-26 12:20 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-03-21 17:11 - 2013-10-26 12:20 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-03-21 17:11 - 2013-10-26 12:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-03-21 17:11 - 2013-10-26 12:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-03-21 17:11 - 2013-10-26 12:20 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-03-21 17:00 - 2014-03-21 17:00 - 00000677 _____ () C:\Users\Public\Desktop\Assassins Creed Freedom Cry (2014) - Repack by Danik1B9.lnk
2014-03-20 23:50 - 2014-03-20 23:06 - 1527250944 ____R () C:\Users\Shooty\Downloads\Traktor Simulator 4 CZ - t2k9.iso
2014-03-20 21:17 - 2014-03-20 19:30 - 00000000 ____D () C:\Users\Shooty\Documents\ConvertXtoDVD
2014-03-20 19:44 - 2014-01-02 19:32 - 00000000 ____D () C:\ProgramData\vsosdk
2014-03-20 19:29 - 2014-03-20 19:28 - 00000000 ____D () C:\ProgramData\VSO
2014-03-20 19:28 - 2014-03-20 19:28 - 00099384 _____ () C:\Users\Shooty\AppData\Roaming\inst.exe
2014-03-20 19:28 - 2014-03-20 19:28 - 00082816 _____ (VSO Software) C:\Users\Shooty\AppData\Roaming\pcouffin.sys
2014-03-20 19:28 - 2014-03-20 19:28 - 00007859 _____ () C:\Users\Shooty\AppData\Roaming\pcouffin.cat
2014-03-20 19:28 - 2014-03-20 19:28 - 00001228 _____ () C:\Users\Shooty\Desktop\ConvertXToDVD 5.lnk
2014-03-20 19:28 - 2014-03-20 19:28 - 00000055 _____ () C:\Users\Shooty\AppData\Roaming\pcouffin.log
2014-03-20 19:28 - 2014-03-20 19:28 - 00000000 ____D () C:\Users\Shooty\Documents\PcSetup
2014-03-20 19:28 - 2014-03-20 19:28 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-03-20 19:28 - 2014-03-20 19:27 - 31830344 _____ (VSO Software ) C:\Users\Shooty\Downloads\vsoConvertXtoDVD5_setup.exe
2014-03-20 17:33 - 2014-03-20 17:33 - 00000000 ____D () C:\Saves
2014-03-20 17:33 - 2014-03-20 14:36 - 00000000 ____D () C:\Users\Shooty\Documents\Assassin's Creed Liberation HD
2014-03-19 17:17 - 2014-03-19 17:17 - 00000657 _____ () C:\Users\Public\Desktop\Assassin's Creed Liberation HD.lnk
2014-03-19 12:35 - 2013-06-01 19:03 - 00001383 _____ () C:\Users\Shooty\Desktop\Internet Explorer.lnk
2014-03-18 23:56 - 2014-03-18 18:32 - 00000000 ____D () C:\Users\Shooty\Downloads\Assassins.Creed.Liberation.HD-SKIDROW
2014-03-18 17:29 - 2014-03-18 17:29 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2014-03-18 15:20 - 2014-03-18 14:23 - 00000000 ____D () C:\Users\Shooty\Downloads\Assassin's Creed Freedom Cry
2014-03-17 20:15 - 2014-03-17 20:15 - 00000000 ____D () C:\Users\Shooty\Documents\Thief
2014-03-17 18:04 - 2014-03-17 18:04 - 00000762 _____ () C:\Users\Public\Desktop\Thief x64.lnk
2014-03-17 02:25 - 2014-03-16 19:28 - 00000000 ____D () C:\Users\Shooty\Downloads\Thief
2014-03-16 18:41 - 2014-03-16 18:41 - 00000685 _____ () C:\Users\Public\Desktop\Lost Planet 3.lnk
2014-03-16 00:43 - 2014-03-14 23:16 - 00000000 ____D () C:\Users\Shooty\Downloads\Lost Planet 3
2014-03-15 10:35 - 2014-03-15 10:29 - 00000000 ____D () C:\Program Files (x86)\Deadfall Adventures
2014-03-15 00:24 - 2014-03-14 23:29 - 00000000 ____D () C:\Users\Shooty\Downloads\Deadfall Adventures (CZ.MULTi7) [Repack] by 'Teag

Some content of TEMP:
====================
C:\Users\Shooty\AppData\Local\Temp\svchost.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 15:38




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:292.97 GB) (Free:38.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:638.53 GB) (Free:304.36 GB) NTFS
Drive f: (Cabela's Big Gam) (CDROM) (Total:3.57 GB) (Free:0 GB) CDFS

Available physical RAM: 14135.19 MB
Total physical RAM: 16365.24 MB
Percentage of memory in use: 13%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 39C439C3)
Partition 1: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=639 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\updater.job => C:\Users\Shooty\AppData\Roaming\Updater\updater_task.dll

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:302A9871

==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Shooty\Desktop" je 1022 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC
C:\Users\Shooty\Desktop\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014
Ran by Shooty at 2014-04-12 12:56:38
Running from C:\Users\Shooty\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
«Need For Speed Rivals» 1.2.0.0 (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}_is1) (Version: 1.2.0.0 - EA Gamed)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.50 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.50 - FinalWire Ltd.)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Název společnosti:) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Název společnosti:) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Assassins Creed Freedom Cry (2014) verze 1.0 (HKLM-x32\...\Assassins Creed Freedom Cry (2014)_is1) (Version: 1.0 - Repack by Danik1B9)
Assassins Creed IV Black Flag (HKLM-x32\...\{65C2799C-BEE1-4AB7-82D5-751B9F670767}) (Version: 6.0 - Black Box)
Assassin's Creed Liberation HD (HKLM-x32\...\Assassin's Creed Liberation HD_is1) (Version: - )
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.0 - Electronic Arts)
Cabela's Big Game Hunter Pro Hunts (HKLM-x32\...\Q2FiZWxhc0JpZ0dhbWVIdW50ZXJQcm9IdW50cw==_is1) (Version: 1 - )
Call of Duty Black Ops II v1.0.0.1 (HKLM-x32\...\Call of Duty Black Ops II_is1) (Version: 1.0.0.1 - Treyarch)
Call of Duty Ghosts (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crysis 3 v1.0.0.1 (HKLM-x32\...\Crysis 3_is1) (Version: - )
CrystalDiskInfo 5.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.5.1 - Crystal Dew World)
CSEP 14 1.1 (HKCU\...\CSEP 14 1.1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Deadfall Adventures verzia 1.0u2 (HKLM-x32\...\Deadfall Adventures_is1) (Version: 1.0u2 - CzTorrent.net)
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
Dishonored verze 1.2 (HKLM-x32\...\{E52B76E9-F6DE-4EF1-BAFD-1684B037C7FA}_is1) (Version: 1.2 - tomi2k9)
DOXXbet 1.0.0 (HKLM-x32\...\DOXXbet_is1) (Version: 1.0.0 - DOXXbet)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVDFab 9.1.1.1 (29/11/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0323.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
F1 2013 verzia 1.0 (HKLM-x32\...\F1 2013_is1) (Version: 1.0 - CzTorrent.net)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.2 - Electronic Arts)
FIFA 14 1.2 (HKLM-x32\...\FIFA 14_is1) (Version: - )
File Master Version 14.0 (HKLM-x32\...\File Master_is1) (Version: - FIFA MASTER)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
HD Tune Pro 5.00 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Java(TM) SE Runtime Environment 6 Update 1 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Just Cause 2 1.20 (HKLM-x32\...\Just Cause 2 1.20) (Version: - )
KtLauncher (HKCU\...\Megatonn) (Version: - )
L.A. Noire verzia 1.3.2617 (HKLM-x32\...\L.A. Noire_is1) (Version: 1.3.2617 - CzTorrent.net)
Left 4 Dead v1.0.0.5 (HKLM-x32\...\Left 4 Dead_is1) (Version: - )
Litecoin (HKCU\...\Litecoin) (Version: 0.8.6.2 - Litecoin project)
Lost Planet 3 1.0 (HKLM-x32\...\Lost Planet 3_is1) (Version: - )
Max Payne 3 (HKLM-x32\...\Max Payne 3_is1) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Medal of Honor Warfighter v1.0.0.2 (HKLM-x32\...\{1040143F-FEFB-4B90-8E51-E47D40E14C4E}_is1) (Version: 1.0.0.2 - EA Games)
Metro Last Light (HKLM-x32\...\Metro Last Light_is1) (Version: - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 sk) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 sk)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MXGP (HKLM-x32\...\TVhHUA==_is1) (Version: 1 - )
NVIDIA PhysX (HKLM-x32\...\{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}) (Version: 9.13.0604 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
ParadisePoker (HKLM-x32\...\ParadisePoker ) (Version: - Boss Media AB)
Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Pazera Jacek)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Pro Evolution Soccer 2014 (HKLM-x32\...\{5EFD3544-2371-4900-8ACA-F157BA80FB0C}) (Version: 1.00.0000 - KONAMI)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Resident Evil 6 verzia 1.0.6.165 (HKLM-x32\...\Resident Evil 6_is1) (Version: 1.0.6.165 - CzTorrent.net)
Resident Evil Revelations verzia 1.0u1 (HKLM-x32\...\Resident Evil Revelations_is1) (Version: 1.0u1 - CzTorrent.net)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rosters (HKCU\...\Rosters) (Version: - )
Sniper Elite V2 1.0 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - ea)
Sniper Ghost Warrior 2 1.09 (HKLM-x32\...\Sniper Ghost Warrior 2_is1) (Version: - )
Splinter Cell - Blacklist 1.01 (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}_is1) (Version: - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V Skyrim LE (HKLM-x32\...\The Elder Scrolls V Skyrim LE_is1) (Version: - )
Thief (HKLM-x32\...\Thief_is1) (Version: 4107.3 - Eidos)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)
Tomb Raider (HKLM-x32\...\Tomb Raider_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
USB PnP Sound Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)
Windows 7 Codec Pack 4.0.3 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.3 - Windows 7 Codec Pack)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
Xilisoft MP4 to DVD Converter (HKLM-x32\...\Xilisoft MP4 to DVD Converter) (Version: 7.1.3.20121219 - Xilisoft)

==================== Restore Points =========================

10-04-2014 12:57:32 avast! antivirus system restore point
10-04-2014 17:02:13 Removed Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
10-04-2014 17:03:22 Removed Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
10-04-2014 17:04:03 Removed Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
10-04-2014 17:04:48 Odstránené Microsoft Visual C++ 2005 Redistributable
10-04-2014 17:05:32 Odstránené Microsoft Visual C++ 2005 Redistributable
10-04-2014 17:05:55 Odstránené Microsoft Visual C++ 2005 Redistributable (x64)
10-04-2014 17:22:04 Operácia obnovovania
12-04-2014 09:38:07 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-12 11:38 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04D28229-B053-4C31-9E83-B05935F52EB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {0C336C65-A313-4068-B385-0A542647F98B} - System32\Tasks\{2094D23A-BD5D-4B3D-8425-4543B025A147} => D:\Agricultural Simulator 2013 - Steam Edition\agrarsimulator2013.exe
Task: {0CB60480-D23E-4035-88DF-73AAD67743A9} - System32\Tasks\{EFA0E45C-5BDE-4711-9ADC-1BB49250665B} => D:\Agricultural Simulator 2013 - Steam Edition\agrarsimulator2013.exe
Task: {0F9AAB91-0901-4B2F-836A-508B8C04C756} - System32\Tasks\updater => Rundll32.exe "C:\Users\Shooty\AppData\Roaming\Updater\updater_task.dll",schedule_task
Task: {26428303-4FA2-42C2-A6AA-B4A539C5DF56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01] (Google Inc.)
Task: {37D9BF0E-B246-4AC6-BA76-761E9F0EC2C1} - System32\Tasks\{E340860C-039A-4E33-B825-5D9F5737C54C} => D:\Agricultural Simulator 2013 - Steam Edition\agrarsimulator2013.exe
Task: {60A5B590-0128-4992-A66A-9AB08FD81CBC} - System32\Tasks\{FA6AA6BD-A56D-43FF-A22D-103E5C6E978F} => D:\Agricultural Simulator 2013 - Steam Edition\agrarsimulator2013.exe
Task: {A074C8E5-0476-4628-AE7D-93AFBCA6C472} - System32\Tasks\{9D83F411-DF10-40A6-8F4C-3A59ECA6ABC8} => D:\State of Decay\StateOfDecay.exe
Task: {B9B7B94D-154F-4289-8268-C738A9448F99} - System32\Tasks\PCMeter\Startup => C:\Program Files (x86)\PCMeter\PCMeterV0.3.exe [2012-08-25] (AddGadgets)
Task: {C002B41C-9F9A-4700-941B-47331E3FB289} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {E00F17EA-83F9-4683-87CC-E7267E930D58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {E2C608B5-1EDC-4B13-B41E-0B4BEB9F43F7} - System32\Tasks\{8B90F331-097E-4345-A504-8199225139AB} => D:\Agricultural Simulator 2013 - Steam Edition\agrarsimulator2013.exe
Task: {EE3B525F-94AF-469E-905A-B036E8550E37} - System32\Tasks\{2E290E47-67CC-4B7F-902F-76BA0B3D35E7} => D:\State of Decay\StateOfDecay.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\updater.job => C:\Users\Shooty\AppData\Roaming\Updater\updater_task.dll

==================== Loaded Modules (whitelisted) =============

2013-06-01 19:27 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-01-13 14:04 - 2012-01-13 14:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2006-09-19 09:07 - 2006-09-19 09:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe
2013-06-24 16:21 - 2013-06-24 16:21 - 00012520 _____ () C:\Users\Shooty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-06-24 16:21 - 2013-06-24 16:21 - 00015080 _____ () C:\Users\Shooty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-06-24 16:21 - 2013-06-24 16:21 - 00014056 _____ () C:\Users\Shooty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2014-03-26 18:02 - 2014-03-26 18:02 - 00193536 _____ () C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\mst.exe
2013-06-01 19:20 - 2012-05-11 09:46 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-06-01 19:20 - 2012-05-11 09:46 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-08 15:46 - 2014-04-08 15:46 - 00395264 _____ () C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\cpu.exe
2014-04-08 15:46 - 2014-04-08 15:46 - 00216576 _____ () C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\libcurl-4.dll
2014-04-08 15:46 - 2014-04-08 15:46 - 00095744 _____ () C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\zlib1.dll
2013-03-23 10:19 - 2013-03-23 10:19 - 02883651 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2013-01-25 17:43 - 2013-01-25 17:43 - 00651331 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2013-02-01 13:26 - 2013-02-01 13:26 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 15:22 - 2008-05-07 15:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 15:01 - 2012-05-08 15:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2012-11-27 15:03 - 2012-11-27 15:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 15:50 - 2010-06-24 15:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 19:00 - 2011-03-01 19:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2011-10-18 09:26 - 2011-10-18 09:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2013-02-01 13:23 - 2013-02-01 13:23 - 01499204 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2013-03-05 18:45 - 2013-03-05 18:45 - 01335362 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2013-03-23 10:59 - 2013-03-23 10:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 14:11 - 2003-02-14 14:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2012-12-25 15:14 - 2012-12-25 15:14 - 01318988 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2012-09-24 01:49 - 2012-09-24 01:49 - 03854336 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2012-09-24 01:49 - 2012-09-24 01:49 - 00573440 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2013-01-09 17:26 - 2013-01-09 17:26 - 00307200 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2014-03-29 13:28 - 2014-03-29 13:28 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:302A9871

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: RGSC => C:\Users\Shooty\Desktop\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2014 11:52:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 10:47:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/12/2014 11:52:39 AM) (Source: Service Control Manager) (User: )
Description: Spustenie služby WinRing0_1_2_0 zlyhalo kvôli nasledujúcej chybe:
%%2

Error: (04/12/2014 11:52:37 AM) (Source: Service Control Manager) (User: )
Description: Počas čakania na pripojenie služby Fast And Safe bol dosiahnutý časový limit (30000 ms).

Error: (04/12/2014 11:47:40 AM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (04/12/2014 11:47:40 AM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (04/12/2014 11:47:39 AM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (04/12/2014 11:47:39 AM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (04/12/2014 11:47:38 AM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (04/12/2014 10:47:34 AM) (Source: Service Control Manager) (User: )
Description: Spustenie služby WinRing0_1_2_0 zlyhalo kvôli nasledujúcej chybe:
%%2


Microsoft Office Sessions:
=========================
Error: (04/12/2014 11:52:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 10:47:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 16365.24 MB
Available physical RAM: 14135.19 MB
Total Pagefile: 32728.66 MB
Available Pagefile: 30343.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.97 GB) (Free:38.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:638.53 GB) (Free:304.36 GB) NTFS
Drive f: (Cabela's Big Gam) (CDROM) (Total:3.57 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 39C439C3)
Partition 1: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=639 GB) - (Type=OF Extended)

==================== End Of Log ============================

Re: Please check my log

Posted: 12 Apr 2014 12:30
by vyosek
:arrow: Just one more question: are you using a legal operating system? The top-tier Ultimate licence is not exactly a common home edition :?:

Re: Please check my log

Posted: 12 Apr 2014 12:59
by andrei55
Of course it is legal. I would like to ask how things look with my computer, because the last time I ran a test I had over 400 infected files.

Re: Please check my log

Posted: 12 Apr 2014 13:08
by vyosek
:arrow: There is a lot in there, we are getting rid of it step by step :James008:

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below:

    Start
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe [83608 2007-03-14] (Sun Microsystems, Inc.)
    HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [102400 2014-03-21] ()
    HKLM-x32\...\Winlogon: [Userinit] userinit.exe,d:\agricultural simulator 2013 - steam edition\agrarsimulator2013srvsrv.exe,c:\program files (x86)\microsoft\desktoplayer.exe,c:\users\shooty\appdata\local\31eb9ad1-7f66-4620-0dc1-7a1d7e816373\31eb9ad1-7f66-4620-0dc1-7a1d7e816373srv.exe [X]
    HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
    HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-28] (Raptr, Inc)
    HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [Torntv Downloader] - C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
    HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [Microsoft Application Manager] - C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\mst.exe [193536 2014-03-26] ()
    HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\MountPoints2: {732d425c-e25a-11e2-be4f-902b34a87ad2} - F:\setup.exe
    AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
    AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x87A456B3EE5ECE01
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    
    S2 64af91bf; "C:\Windows\system32\rundll32.exe" "c:\progra~3\fastan~1\FastAndSafeSvc.dll",service
    S4 NVHDA; system32\drivers\nvhda64v.sys [X]
    S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    R3 WinRing0_1_2_0; \??\C:\Users\Shooty\AppData\Local\Temp\tmp6CA6.tmp [X]
    S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
    
    2014-04-12 12:54 - 2014-04-12 12:54 - 00112640 _____ (forum.viry.cz) C:\Users\Shooty\Desktop\FRSTLauncher.exe
    2014-04-12 11:50 - 2014-04-12 11:37 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2014-04-12 11:38 - 2014-04-12 11:52 - 00020918 _____ () C:\zoek-results.log
    2014-04-12 11:37 - 2014-04-12 11:47 - 00000000 ____D () C:\zoek_backup
    2014-04-12 11:36 - 2014-04-12 11:36 - 01285120 _____ () C:\Users\Shooty\Desktop\zoek.exe
    2014-04-12 10:26 - 2014-04-12 10:26 - 01426178 _____ () C:\Users\Shooty\Desktop\adwcleaner.exe
    2014-04-12 10:24 - 2014-04-12 10:24 - 01016261 _____ (Thisisu) C:\Users\Shooty\Desktop\JRT.exe
    2014-04-12 09:37 - 2014-04-12 09:37 - 02347384 _____ (ESET) C:\Users\Shooty\Downloads\esetsmartinstaller_csy.exe
    2014-04-08 15:46 - 2014-04-12 12:46 - 00000368 _____ () C:\Windows\Tasks\updater.job
    2014-04-08 15:46 - 2014-04-10 19:24 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Updater
    2014-04-08 15:46 - 2014-04-08 15:46 - 00003306 _____ () C:\Windows\System32\Tasks\updater
    2014-03-23 15:33 - 2014-03-23 15:33 - 00002938 _____ () C:\Windows\System32\Tasks\{9D83F411-DF10-40A6-8F4C-3A59ECA6ABC8}
    2014-03-23 15:33 - 2014-03-23 15:33 - 00002938 _____ () C:\Windows\System32\Tasks\{2E290E47-67CC-4B7F-902F-76BA0B3D35E7}
    2014-03-22 00:55 - 2014-03-22 00:55 - 00003008 _____ () C:\Windows\System32\Tasks\{8B90F331-097E-4345-A504-8199225139AB}
    2014-03-22 00:54 - 2014-03-22 00:54 - 00003008 _____ () C:\Windows\System32\Tasks\{2094D23A-BD5D-4B3D-8425-4543B025A147}
    2014-03-22 00:20 - 2014-03-22 00:20 - 00003142 _____ () C:\Windows\System32\Tasks\{2E47347C-47A9-4F66-9FB6-BBFD90CAE975}
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\updater.job => C:\Users\Shooty\AppData\Roaming\Updater\updater_task.dll
    
    C:\Users\Shooty\AppData\Roaming\Updater
    c:\progra~3\fastan~1
    C:\Program Files (x86)\TornTV.com
    c:\users\shooty\appdata\local\31eb9ad1-7f66-4620-0dc1-7a1d7e816373
    
    AlternateDataStreams: C:\ProgramData\TEMP:302A9871
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC" /f
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: Please check my log

Posted: 12 Apr 2014 13:24
by andrei55
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2014
Ran by Shooty at 2014-04-12 14:19:57 Run:1
Running from C:\Users\Shooty\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe [83608 2007-03-14] (Sun Microsystems, Inc.)
HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [102400 2014-03-21] ()
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,d:\agricultural simulator 2013 - steam edition\agrarsimulator2013srvsrv.exe,c:\program files (x86)\microsoft\desktoplayer.exe,c:\users\shooty\appdata\local\31eb9ad1-7f66-4620-0dc1-7a1d7e816373\31eb9ad1-7f66-4620-0dc1-7a1d7e816373srv.exe [X]
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-28] (Raptr, Inc)
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [Torntv Downloader] - C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\Run: [Microsoft Application Manager] - C:\Users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\mst.exe [193536 2014-03-26] ()
HKU\S-1-5-21-159684124-426228951-2076769106-1000\...\MountPoints2: {732d425c-e25a-11e2-be4f-902b34a87ad2} - F:\setup.exe
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x87A456B3EE5ECE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}

S2 64af91bf; "C:\Windows\system32\rundll32.exe" "c:\progra~3\fastan~1\FastAndSafeSvc.dll",service
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Shooty\AppData\Local\Temp\tmp6CA6.tmp [X]
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]

2014-04-12 12:54 - 2014-04-12 12:54 - 00112640 _____ (forum.viry.cz) C:\Users\Shooty\Desktop\FRSTLauncher.exe
2014-04-12 11:50 - 2014-04-12 11:37 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-12 11:38 - 2014-04-12 11:52 - 00020918 _____ () C:\zoek-results.log
2014-04-12 11:37 - 2014-04-12 11:47 - 00000000 ____D () C:\zoek_backup
2014-04-12 11:36 - 2014-04-12 11:36 - 01285120 _____ () C:\Users\Shooty\Desktop\zoek.exe
2014-04-12 10:26 - 2014-04-12 10:26 - 01426178 _____ () C:\Users\Shooty\Desktop\adwcleaner.exe
2014-04-12 10:24 - 2014-04-12 10:24 - 01016261 _____ (Thisisu) C:\Users\Shooty\Desktop\JRT.exe
2014-04-12 09:37 - 2014-04-12 09:37 - 02347384 _____ (ESET) C:\Users\Shooty\Downloads\esetsmartinstaller_csy.exe
2014-04-08 15:46 - 2014-04-12 12:46 - 00000368 _____ () C:\Windows\Tasks\updater.job
2014-04-08 15:46 - 2014-04-10 19:24 - 00000000 ____D () C:\Users\Shooty\AppData\Roaming\Updater
2014-04-08 15:46 - 2014-04-08 15:46 - 00003306 _____ () C:\Windows\System32\Tasks\updater
2014-03-23 15:33 - 2014-03-23 15:33 - 00002938 _____ () C:\Windows\System32\Tasks\{9D83F411-DF10-40A6-8F4C-3A59ECA6ABC8}
2014-03-23 15:33 - 2014-03-23 15:33 - 00002938 _____ () C:\Windows\System32\Tasks\{2E290E47-67CC-4B7F-902F-76BA0B3D35E7}
2014-03-22 00:55 - 2014-03-22 00:55 - 00003008 _____ () C:\Windows\System32\Tasks\{8B90F331-097E-4345-A504-8199225139AB}
2014-03-22 00:54 - 2014-03-22 00:54 - 00003008 _____ () C:\Windows\System32\Tasks\{2094D23A-BD5D-4B3D-8425-4543B025A147}
2014-03-22 00:20 - 2014-03-22 00:20 - 00003142 _____ () C:\Windows\System32\Tasks\{2E47347C-47A9-4F66-9FB6-BBFD90CAE975}
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\updater.job => C:\Users\Shooty\AppData\Roaming\Updater\updater_task.dll

C:\Users\Shooty\AppData\Roaming\Updater
c:\progra~3\fastan~1
C:\Program Files (x86)\TornTV.com
c:\users\shooty\appdata\local\31eb9ad1-7f66-4620-0dc1-7a1d7e816373

AlternateDataStreams: C:\ProgramData\TEMP:302A9871

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC" /f

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\EasyTuneVI => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Raptr => Value deleted successfully.
HKU\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Torntv Downloader => Value deleted successfully.
HKU\S-1-5-21-159684124-426228951-2076769106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Application Manager => Value deleted successfully.
HKU\S-1-5-21-159684124-426228951-2076769106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{732d425c-e25a-11e2-be4f-902b34a87ad2} => Key deleted successfully.
HKCR\CLSID\{732d425c-e25a-11e2-be4f-902b34a87ad2} => Key not found.
"C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL" => Value Data removed successfully.
"c:\progra~3\fastan~1\fastan~1.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
64af91bf => Service deleted successfully.
NVHDA => Service deleted successfully.
nvlddmkm => Service deleted successfully.
VGPU => Service deleted successfully.
WinRing0_1_2_0 => Unable to stop service
WinRing0_1_2_0 => Service deleted successfully.
XFDriver64 => Service deleted successfully.
C:\Users\Shooty\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Shooty\Desktop\zoek.exe => Moved successfully.
C:\Users\Shooty\Desktop\adwcleaner.exe => Moved successfully.
C:\Users\Shooty\Desktop\JRT.exe => Moved successfully.
C:\Users\Shooty\Downloads\esetsmartinstaller_csy.exe => Moved successfully.
C:\Windows\Tasks\updater.job => Moved successfully.
C:\Users\Shooty\AppData\Roaming\Updater => Moved successfully.
C:\Windows\System32\Tasks\updater => Moved successfully.
C:\Windows\System32\Tasks\{9D83F411-DF10-40A6-8F4C-3A59ECA6ABC8} => Moved successfully.
C:\Windows\System32\Tasks\{2E290E47-67CC-4B7F-902F-76BA0B3D35E7} => Moved successfully.
C:\Windows\System32\Tasks\{8B90F331-097E-4345-A504-8199225139AB} => Moved successfully.
C:\Windows\System32\Tasks\{2094D23A-BD5D-4B3D-8425-4543B025A147} => Moved successfully.
C:\Windows\System32\Tasks\{2E47347C-47A9-4F66-9FB6-BBFD90CAE975} => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\updater.job not found.
"C:\Users\Shooty\AppData\Roaming\Updater" => File/Directory not found.
"c:\progra~3\fastan~1" => File/Directory not found.
"C:\Program Files (x86)\TornTV.com" => File/Directory not found.
C:\Users\Shooty\AppData\Local\31eb9ad1-7f66-4620-0dc1-7a1d7e816373 => Moved successfully.
C:\ProgramData\TEMP => ":302A9871" ADS removed successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC" /f =========

Operácia sa úspešne dokončila.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========

Re: Please check my log

Posted: 12 Apr 2014 14:34
by vyosek
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM CAN BE RUINED
:arrow: Download Combofix and save it to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Right after it starts, a page with the licence agreement is shown; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click inside the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered it can take longer
  • After the scan finishes, and a restart if one is needed, CF displays a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • A detailed walkthrough incl. pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Please check my log

Posted: 12 Apr 2014 15:21
by andrei55
ComboFix 14-04-12.01 - Shooty . 04. 2014 16:02:13.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.16365.13599 [GMT 2:00]
Running from: c:\users\Shooty\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Microsoft\DesktopLayer.exe
c:\program files (x86)\Microsoft\DesktopLayerSrv.exe
c:\users\Shooty\AppData\Local\Msgbox.exe
c:\users\Shooty\AppData\Roaming\inst.exe
c:\users\Shooty\AppData\Roaming\poclbm
c:\users\Shooty\AppData\Roaming\poclbm\poclbm.ini
c:\users\Shooty\AppData\Roaming\poclbm\poclbm_scrypt.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-03-12 to 2014-04-12 )))))))))))))))))))))))))))))))
.
.
2014-04-12 14:06 . 2014-04-12 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-12 14:06 . 2014-04-12 14:06 -------- d-----w- c:\users\andrej\AppData\Local\temp
2014-04-12 10:55 . 2014-04-12 12:20 -------- d-----w- C:\FRST
2014-04-12 09:50 . 2014-04-12 14:06 -------- d-----w- c:\users\Shooty\AppData\Local\Temp
2014-04-12 08:45 . 2014-04-12 08:46 -------- d-----w- C:\AdwCleaner
2014-04-12 08:25 . 2014-04-12 08:25 -------- d-----w- c:\windows\ERUNT
2014-04-12 08:02 . 2014-04-12 08:04 -------- d-----w- C:\rsit
2014-04-12 08:02 . 2014-04-12 08:04 -------- d-----w- c:\program files\trend micro
2014-04-12 07:38 . 2014-04-12 07:38 -------- d-----w- c:\program files (x86)\ESET
2014-04-10 16:40 . 2014-04-10 16:40 -------- d-----w- c:\users\andrej\AppData\Roaming\AVAST Software
2014-04-10 12:58 . 2014-04-10 12:58 -------- d-----w- c:\users\Shooty\AppData\Roaming\AVAST Software
2014-04-10 12:57 . 2014-04-10 12:57 -------- d-----w- c:\program files\AVAST Software
2014-04-10 12:57 . 2014-04-10 12:57 -------- d-----w- c:\programdata\AVAST Software
2014-04-08 13:46 . 2014-04-08 13:46 94300 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\ocl\pthreadGC2.dll
2014-04-08 13:46 . 2014-04-08 13:46 598114 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\ocl\cgminer.exe
2014-04-08 13:46 . 2014-04-08 13:46 421512 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\ocl\libcurl.dll
2014-04-08 13:46 . 2014-04-08 13:46 95744 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\zlib1.dll
2014-04-08 13:46 . 2014-04-08 13:46 77312 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\libwinpthread-1.dll
2014-04-08 13:46 . 2014-04-08 13:46 395264 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\cpu.exe
2014-04-08 13:46 . 2014-04-08 13:46 216576 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\libcurl-4.dll
2014-04-07 13:25 . 2014-04-07 13:25 -------- d-----w- c:\users\Shooty\AppData\Local\Xilisoft
2014-04-07 13:25 . 2014-04-07 13:25 -------- d-----w- c:\users\Shooty\AppData\Roaming\Xilisoft
2014-04-07 13:23 . 2014-04-07 13:23 -------- d-----w- c:\programdata\Xilisoft
2014-04-07 13:23 . 2014-04-07 13:23 -------- d-----w- c:\program files (x86)\Xilisoft
2014-03-29 11:14 . 2014-03-29 11:14 -------- d-----w- c:\users\Shooty\AppData\Roaming\Milestone
2014-03-26 16:02 . 2014-03-26 16:02 90112 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\stub.exe
2014-03-26 16:02 . 2014-03-26 16:02 193536 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\mst.exe
2014-03-23 16:15 . 2014-03-25 15:54 -------- d-----w- c:\users\Shooty\AppData\Roaming\Tunngle
2014-03-23 16:15 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2014-03-23 15:58 . 2014-03-23 15:58 -------- d-----w- c:\programdata\LumaEmu_SteamCloud
2014-03-23 15:51 . 2014-03-25 09:13 -------- d-----w- c:\users\Shooty\AppData\Local\DayZ
2014-03-23 14:56 . 2014-03-23 14:56 -------- d-----w- c:\users\Shooty\AppData\Local\Skyrim
2014-03-21 20:37 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
2014-03-21 20:37 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-21 20:30 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-21 20:28 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-21 20:05 . 2014-03-21 20:05 -------- d-----w- c:\users\Shooty\AppData\Roaming\library_dir
2014-03-21 20:05 . 2014-04-12 09:53 -------- d-----w- c:\users\Shooty\AppData\Roaming\Raptr
2014-03-21 20:04 . 2014-04-10 17:24 -------- d-----w- c:\program files (x86)\Raptr
2014-03-21 19:05 . 2014-03-21 19:05 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-20 17:28 . 2014-03-20 17:28 82816 ----a-w- c:\users\Shooty\AppData\Roaming\pcouffin.sys
2014-03-20 17:28 . 2014-03-20 17:29 -------- d-----w- c:\programdata\VSO
2014-03-20 17:28 . 2014-03-20 17:28 -------- d-----w- c:\program files (x86)\VSO
2014-03-20 15:33 . 2014-03-20 15:33 -------- d-----w- C:\Saves
2014-03-15 08:29 . 2014-03-15 08:35 -------- d-----w- c:\program files (x86)\Deadfall Adventures
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-12 12:22 . 2013-06-01 17:34 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-04-12 12:22 . 2013-06-01 20:25 25640 ----a-w- c:\windows\gdrv.sys
2014-03-21 15:11 . 2013-10-26 10:20 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-03-21 15:11 . 2013-10-26 10:20 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-03-21 15:11 . 2013-10-26 10:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-03-21 15:11 . 2013-10-26 10:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-03-12 16:45 . 2013-06-01 17:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 16:45 . 2013-06-01 17:48 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-02 13:05 . 2013-06-01 17:02 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-02-20 15:16 . 2014-02-20 15:16 56320 ----a-w- c:\windows\SysWow64\WOWReg32Srv.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-11 5119600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2014-03-21 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files (x86)\microsoft\desktoplayer.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2013-01-16 8757248]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Save the YouTube video as MP3 - c:\users\Shooty\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-Rosters - c:\users\Shooty\Documents\NHL 2005\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Shooty\AppData\Local\Temp\tmp88AF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99,
0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:00,cc,86,b1,4e,2e,cf,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-12 16:08:39
ComboFix-quarantined-files.txt 2014-04-12 14:08
.
Pre-Run: 41 522 155 520 bytes free
Post-Run: 41 089 064 960 bytes free
.
- - End Of File - - 1C3302B12BE16C5BD41B92B060F14A18
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check the log

Posted: 12 Apr 2014 15:30
by vyosek
:arrow: Uninstall McAfee Security Scan Plus

:arrow: Which antivirus are you planning to use - Avast or ESET??

:arrow: If it isn't there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Collect::
    c:\program files (x86)\microsoft\desktoplayer.exe
    
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"
    
    Driver::
    WinRing0_1_2_0
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it to run it (see the image below)
    Image
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" appears, just restart the PC - the registry will sort itself out - it is an internal error caused by CF, and unfortunately the author has not been able to fix it yet

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Please check the log

Posted: 12 Apr 2014 16:06
by andrei55
I'll take your advice, thank you ... but is ESET more reliable?

here is the log
ComboFix 14-04-12.01 - Shooty . 04. 2014 16:55:23.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.16365.13522 [GMT 2:00]
Running from: c:\users\Shooty\Desktop\ComboFix.exe
Command switches used :: c:\users\Shooty\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\microsoft\desktoplayer.exe
c:\program files (x86)\Microsoft\DesktopLayerSrv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINRING0_1_2_0
-------\Service_WinRing0_1_2_0
.
.
((((((((((((((((((((((((( Files Created from 2014-03-12 to 2014-04-12 )))))))))))))))))))))))))))))))
.
.
2014-04-12 15:00 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79575742-B7DE-4240-AB5A-66D1A1FA7883}\mpengine.dll
2014-04-12 14:58 . 2014-04-12 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-12 10:55 . 2014-04-12 12:20 -------- d-----w- C:\FRST
2014-04-12 09:50 . 2014-04-12 15:00 -------- d-----w- c:\users\Shooty\AppData\Local\Temp
2014-04-12 08:45 . 2014-04-12 08:46 -------- d-----w- C:\AdwCleaner
2014-04-12 08:25 . 2014-04-12 08:25 -------- d-----w- c:\windows\ERUNT
2014-04-12 08:02 . 2014-04-12 08:04 -------- d-----w- C:\rsit
2014-04-12 08:02 . 2014-04-12 08:04 -------- d-----w- c:\program files\trend micro
2014-04-12 07:38 . 2014-04-12 07:38 -------- d-----w- c:\program files (x86)\ESET
2014-04-10 16:40 . 2014-04-10 16:40 -------- d-----w- c:\users\andrej\AppData\Roaming\AVAST Software
2014-04-10 12:58 . 2014-04-10 12:58 -------- d-----w- c:\users\Shooty\AppData\Roaming\AVAST Software
2014-04-10 12:57 . 2014-04-10 12:57 -------- d-----w- c:\program files\AVAST Software
2014-04-10 12:57 . 2014-04-10 12:57 -------- d-----w- c:\programdata\AVAST Software
2014-04-08 13:46 . 2014-04-08 13:46 94300 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\ocl\pthreadGC2.dll
2014-04-08 13:46 . 2014-04-08 13:46 598114 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\ocl\cgminer.exe
2014-04-08 13:46 . 2014-04-08 13:46 421512 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\ocl\libcurl.dll
2014-04-08 13:46 . 2014-04-08 13:46 95744 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\zlib1.dll
2014-04-08 13:46 . 2014-04-08 13:46 77312 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\libwinpthread-1.dll
2014-04-08 13:46 . 2014-04-08 13:46 395264 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\cpu.exe
2014-04-08 13:46 . 2014-04-08 13:46 216576 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\cpu\libcurl-4.dll
2014-04-07 13:25 . 2014-04-07 13:25 -------- d-----w- c:\users\Shooty\AppData\Local\Xilisoft
2014-04-07 13:25 . 2014-04-07 13:25 -------- d-----w- c:\users\Shooty\AppData\Roaming\Xilisoft
2014-04-07 13:23 . 2014-04-07 13:23 -------- d-----w- c:\programdata\Xilisoft
2014-04-07 13:23 . 2014-04-07 13:23 -------- d-----w- c:\program files (x86)\Xilisoft
2014-03-29 11:14 . 2014-03-29 11:14 -------- d-----w- c:\users\Shooty\AppData\Roaming\Milestone
2014-03-26 16:02 . 2014-03-26 16:02 90112 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\stub.exe
2014-03-26 16:02 . 2014-03-26 16:02 193536 ----a-w- c:\users\Shooty\AppData\Roaming\Microsoft\ApplicationManager\mst.exe
2014-03-23 16:15 . 2014-03-25 15:54 -------- d-----w- c:\users\Shooty\AppData\Roaming\Tunngle
2014-03-23 16:15 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2014-03-23 15:58 . 2014-03-23 15:58 -------- d-----w- c:\programdata\LumaEmu_SteamCloud
2014-03-23 15:51 . 2014-03-25 09:13 -------- d-----w- c:\users\Shooty\AppData\Local\DayZ
2014-03-23 14:56 . 2014-03-23 14:56 -------- d-----w- c:\users\Shooty\AppData\Local\Skyrim
2014-03-21 20:37 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
2014-03-21 20:37 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-21 20:30 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-21 20:28 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-21 20:05 . 2014-03-21 20:05 -------- d-----w- c:\users\Shooty\AppData\Roaming\library_dir
2014-03-21 20:05 . 2014-04-12 09:53 -------- d-----w- c:\users\Shooty\AppData\Roaming\Raptr
2014-03-21 20:04 . 2014-04-10 17:24 -------- d-----w- c:\program files (x86)\Raptr
2014-03-21 19:05 . 2014-03-21 19:05 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-20 17:28 . 2014-03-20 17:28 82816 ----a-w- c:\users\Shooty\AppData\Roaming\pcouffin.sys
2014-03-20 17:28 . 2014-03-20 17:29 -------- d-----w- c:\programdata\VSO
2014-03-20 17:28 . 2014-03-20 17:28 -------- d-----w- c:\program files (x86)\VSO
2014-03-20 15:33 . 2014-03-20 15:33 -------- d-----w- C:\Saves
2014-03-15 08:29 . 2014-03-15 08:35 -------- d-----w- c:\program files (x86)\Deadfall Adventures
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-12 15:01 . 2013-06-01 17:34 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-04-12 15:01 . 2013-06-01 20:25 25640 ----a-w- c:\windows\gdrv.sys
2014-03-21 15:11 . 2013-10-26 10:20 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-03-21 15:11 . 2013-10-26 10:20 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-03-21 15:11 . 2013-10-26 10:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-03-21 15:11 . 2013-10-26 10:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-03-12 16:45 . 2013-06-01 17:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 16:45 . 2013-06-01 17:48 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-02 13:05 . 2013-06-01 17:02 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-02-20 15:16 . 2014-02-20 15:16 56320 ----a-w- c:\windows\SysWow64\WOWReg32Srv.exe
2014-01-16 00:42 . 2014-01-16 00:42 608032 ----a-w- C:\SecurityScanner.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-11 5119600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2014-03-21 102400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files (x86)\microsoft\desktoplayer.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2013-01-16 8757248]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Save the YouTube video as MP3 - c:\users\Shooty\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Shooty\AppData\Roaming\Mozilla\Firefox\Profiles\ohg90lin.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Shooty\AppData\Local\Temp\tmp9819.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
.
**************************************************************************
.
Completion time: 2014-04-12 17:03:47 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-12 15:03
ComboFix2.txt 2014-04-12 14:08
.
Pre-Run: 41 027 153 920 bytes free
Post-Run: 40 736 116 736 bytes free
.
- - End Of File - - 83558C738168702E1B9A6BBA4904CB72
A36C5E4F47E84449FF07ED3517B43A31