WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 09:10
by monica2003
Hello,

I have exactly the same problem that another user described to you here: http://forum.viry.cz/viewtopic.php?f=13&t=137885


1. I have already done this step, but after I pressed Scan, a moment later it displayed.. pending.. pls uncheck elements you dont want to remove.
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.

2. Here is the requested RSIT log

Thank you

Logfile of random's system information tool 1.09 (written by random/random)
Run by Princess at 2014-05-11 10:03:40
Microsoft Windows 7 Ultimate
System drive C: has 31 GB (56%) free of 55 GB
Total RAM: 3069 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:08, on 11. 5. 2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Princess\Downloads\RSIT.exe
C:\Program Files\trend micro\Princess.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
O4 - HKCU\..\Run: [Google Update] "C:\Users\Princess\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-903371570-962786371-1426814640-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-903371570-962786371-1426814640-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: syshost32 - Unknown owner - C:\Windows\Installer\{5E414646-5833-4BEC-FC65-BF75DBE2AB43}\syshost.exe (file missing)

--
End of file - 5661 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000UA1ce5178ced0eb4b.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Princess\AppData\Roaming\Mozilla\Firefox\Profiles\1uki8sqa.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-04 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-04 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-11-26 5074384]
"PhilipsDM"=C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe [2007-07-05 888832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdateMyDrivers"=C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss []
"Google Update"=C:\Users\Princess\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 116648]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2014-04-25 22415552]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-02-10 20922016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-11 10:03:40 ----D---- C:\rsit
2014-05-11 10:03:40 ----D---- C:\Program Files\trend micro
2014-05-11 09:43:25 ----D---- C:\AdwCleaner
2014-05-11 09:41:25 ----A---- C:\Windows\system32\sqlite3.dll
2014-05-11 08:21:14 ----D---- C:\Windows\system32\MpEngineStore
2014-05-10 10:03:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-05-10 06:04:27 ----D---- C:\ProgramData\McAfee
2014-05-09 21:08:48 ----D---- C:\Program Files\Mozilla Firefox
2014-05-09 20:19:28 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-05-09 19:15:22 ----SHD---- C:\Config.Msi
2014-05-05 18:48:07 ----N---- C:\bootsqm.dat

======List of files/folders modified in the last 1 month======

2014-05-11 10:03:56 ----D---- C:\Windows\temp
2014-05-11 10:03:40 ----RD---- C:\Program Files
2014-05-11 09:50:02 ----D---- C:\Windows\System32
2014-05-11 09:50:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-11 09:50:01 ----D---- C:\Windows\inf
2014-05-11 09:44:09 ----HD---- C:\ProgramData
2014-05-11 09:40:38 ----D---- C:\ATI
2014-05-11 09:40:10 ----D---- C:\Users\Princess\AppData\Roaming\vlc
2014-05-11 09:38:13 ----D---- C:\Users\Princess\AppData\Roaming\Skype
2014-05-11 08:36:38 ----D---- C:\Windows\system32\config
2014-05-11 08:23:09 ----D---- C:\Windows\system32\drivers
2014-05-11 06:50:20 ----D---- C:\Program Files\SpeedFan
2014-05-11 06:34:09 ----D---- C:\Windows\debug
2014-05-10 12:30:08 ----D---- C:\Windows\system32\NDF
2014-05-10 10:26:18 ----D---- C:\Windows\Prefetch
2014-05-10 10:04:00 ----D---- C:\Program Files\Google
2014-05-10 09:50:22 ----D---- C:\Windows\Tasks
2014-05-10 09:50:22 ----D---- C:\Windows\system32\Tasks
2014-05-09 20:19:43 ----D---- C:\Users\Princess\AppData\Roaming\Mozilla
2014-05-09 20:11:19 ----SHD---- C:\Windows\Installer
2014-05-08 20:20:46 ----D---- C:\Windows\system32\catroot2
2014-05-01 09:09:36 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2012-12-29 24184]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 104712]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-14 1131008]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2012-07-03 149352]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-06-20 200112]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-05-16 691696]
S1 drxdgtww;drxdgtww; \??\C:\Windows\system32\drivers\drxdgtww.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-03-03 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-03-03 1748608]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-11-26 1329304]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 645992]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-03 1258856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-16 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 syshost32;syshost32; C:\Windows\Installer\{5E414646-5833-4BEC-FC65-BF75DBE2AB43}\syshost.exe /service []
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-16 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-09 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 10:32
by Rudy
Hello!
First, I would like to know whether your operating system is legal.

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 10:42
by monica2003
Hello,

I have no idea.. at first I had Win8 on it, but it didn't suit me... and then a friend installed Win7 for me.. he basically takes care of my PC, but he is away travelling at the moment

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 10:44
by Rudy
If you paid him for the system, or have some proof of purchase for it, it is legal.

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 10:48
by monica2003
Do you need that document? Because I am away from home at the moment.. (I can send it to you in about 3 weeks at the earliest - that is not a problem - although I will have to dig through some stacks of papers :) ).

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 10:50
by Rudy
I don't need it. Let's try this procedure:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, check "Scan All Users", "LOP Check" and "Purity Check", and copy the following into the lower white box:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

and click >Run Scan<. Post both logs.

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 11:22
by monica2003
OTL logfile created on: 11. 5. 2014 11:55:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Princess\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,54% Memory free
5,99 Gb Paging File | 4,44 Gb Available in Paging File | 74,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,91 Gb Total Space | 28,61 Gb Free Space | 53,07% Space Free | Partition Type: NTFS
Drive D: | 244,18 Gb Total Space | 170,87 Gb Free Space | 69,98% Space Free | Partition Type: NTFS

Computer Name: PRINCESS-PC | User Name: Princess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/11 11:52:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Princess\Downloads\OTL.exe
PRC - [2014/05/09 21:08:51 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/03/03 10:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/03 10:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/26 14:34:12 | 001,329,304 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2012/11/26 14:34:02 | 005,074,384 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2012/10/03 00:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 21:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/02 21:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/17 20:12:02 | 000,108,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:19 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Dxpserver.exe
PRC - [2009/07/14 03:14:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceDisplayObjectProvider.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/11 09:45:50 | 001,159,680 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\_ssl.pyd
MOD - [2014/05/11 09:45:50 | 001,062,400 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\wx._controls_.pyd
MOD - [2014/05/11 09:45:50 | 000,811,008 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\wx._windows_.pyd
MOD - [2014/05/11 09:45:50 | 000,805,888 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\wx._gdi_.pyd
MOD - [2014/05/11 09:45:50 | 000,713,216 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\_hashlib.pyd
MOD - [2014/05/11 09:45:50 | 000,110,080 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\PyWinTypes27.dll
MOD - [2014/05/11 09:45:50 | 000,070,656 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\wx._html2.pyd
MOD - [2014/05/11 09:45:50 | 000,038,912 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32inet.pyd
MOD - [2014/05/11 09:45:50 | 000,035,840 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32process.pyd
MOD - [2014/05/11 09:45:50 | 000,027,136 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\_multiprocessing.pyd
MOD - [2014/05/11 09:45:50 | 000,025,600 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32pdh.pyd
MOD - [2014/05/11 09:45:50 | 000,024,064 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32pipe.pyd
MOD - [2014/05/11 09:45:49 | 001,175,040 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\wx._core_.pyd
MOD - [2014/05/11 09:45:49 | 000,735,232 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\wx._misc_.pyd
MOD - [2014/05/11 09:45:49 | 000,686,080 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\unicodedata.pyd
MOD - [2014/05/11 09:45:49 | 000,557,056 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\pysqlite2._sqlite.pyd
MOD - [2014/05/11 09:45:49 | 000,525,640 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\windows._lib_cacheinvalidation.pyd
MOD - [2014/05/11 09:45:49 | 000,364,544 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\pythoncom27.dll
MOD - [2014/05/11 09:45:49 | 000,320,512 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32com.shell.shell.pyd
MOD - [2014/05/11 09:45:49 | 000,167,936 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32gui.pyd
MOD - [2014/05/11 09:45:49 | 000,128,512 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\_elementtree.pyd
MOD - [2014/05/11 09:45:49 | 000,127,488 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\pyexpat.pyd
MOD - [2014/05/11 09:45:49 | 000,122,368 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\wx._wizard.pyd
MOD - [2014/05/11 09:45:49 | 000,119,808 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32file.pyd
MOD - [2014/05/11 09:45:49 | 000,108,544 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32security.pyd
MOD - [2014/05/11 09:45:49 | 000,098,816 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32api.pyd
MOD - [2014/05/11 09:45:49 | 000,087,552 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\_ctypes.pyd
MOD - [2014/05/11 09:45:49 | 000,078,336 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\wx._animate.pyd
MOD - [2014/05/11 09:45:49 | 000,045,568 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\_socket.pyd
MOD - [2014/05/11 09:45:49 | 000,022,528 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32ts.pyd
MOD - [2014/05/11 09:45:49 | 000,018,432 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32event.pyd
MOD - [2014/05/11 09:45:49 | 000,017,408 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32profile.pyd
MOD - [2014/05/11 09:45:49 | 000,011,264 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\win32crypt.pyd
MOD - [2014/05/11 09:45:49 | 000,010,240 | ---- | M] () -- C:\Users\Princess\AppData\Local\Temp\_MEI23682\select.pyd
MOD - [2014/05/09 21:08:50 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 20:12:02 | 000,111,104 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2012/02/17 20:12:02 | 000,108,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2012/02/17 20:12:02 | 000,077,824 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
MOD - [2012/02/17 20:12:02 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2012/02/17 20:12:02 | 000,049,664 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012/02/17 20:12:02 | 000,044,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
MOD - [2012/02/17 20:12:02 | 000,041,984 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
MOD - [2012/02/17 20:12:02 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
MOD - [2012/02/17 20:12:00 | 000,106,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2012/02/17 20:12:00 | 000,092,160 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
MOD - [2012/02/17 20:11:58 | 011,589,632 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2012/02/17 20:11:58 | 000,196,608 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2012/02/17 20:11:54 | 009,532,416 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
MOD - [2012/02/17 20:11:54 | 000,386,560 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2012/02/17 20:11:54 | 000,308,736 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2012/02/17 20:11:54 | 000,265,216 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2012/02/17 20:11:54 | 000,262,656 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
MOD - [2012/02/17 20:11:54 | 000,184,832 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2012/02/17 20:11:54 | 000,154,624 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2012/02/17 20:11:54 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2012/02/17 20:11:54 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2012/02/17 20:11:52 | 000,935,936 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2012/02/17 20:11:52 | 000,371,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2012/02/17 20:11:52 | 000,043,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2012/02/17 20:11:52 | 000,043,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2012/02/17 20:11:52 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2012/02/17 20:11:52 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2012/02/17 20:11:50 | 001,719,296 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2012/02/17 20:11:50 | 001,253,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,696,320 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,258,560 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,232,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,219,648 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,093,696 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,083,968 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,047,616 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,043,520 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,042,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,040,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
MOD - [2012/02/17 20:11:50 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2012/02/17 20:11:48 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
MOD - [2012/02/17 20:11:48 | 000,034,816 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
MOD - [2012/02/17 20:11:46 | 001,304,576 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2012/02/17 20:11:46 | 000,370,688 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
MOD - [2012/02/17 20:11:44 | 000,724,992 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
MOD - [2012/02/17 20:11:44 | 000,445,952 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
MOD - [2012/02/17 20:11:44 | 000,070,144 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
MOD - [2012/02/17 20:11:44 | 000,070,144 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
MOD - [2012/02/17 20:11:44 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2012/02/17 20:11:44 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2012/02/17 20:11:44 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
MOD - [2012/02/17 20:11:42 | 001,235,456 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2012/02/17 20:11:42 | 000,056,320 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
MOD - [2012/02/17 20:11:42 | 000,044,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
MOD - [2012/02/17 20:11:42 | 000,042,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
MOD - [2012/02/17 20:11:42 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
MOD - [2012/02/17 20:11:42 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
MOD - [2012/02/17 20:11:42 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
MOD - [2012/02/17 20:11:42 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
MOD - [2012/02/17 20:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
MOD - [2012/02/17 20:11:40 | 000,052,736 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
MOD - [2012/02/17 20:11:40 | 000,050,688 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
MOD - [2012/02/17 20:11:40 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
MOD - [2012/02/17 20:11:38 | 001,518,080 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,182,272 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,135,168 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,069,120 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,035,328 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2012/02/17 20:11:38 | 000,034,816 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2012/02/17 20:11:36 | 002,285,056 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\Installer\{5E414646-5833-4BEC-FC65-BF75DBE2AB43}\syshost.exe /service -- (syshost32)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2014/05/09 21:08:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/03 10:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/03 10:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/26 14:34:12 | 001,329,304 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2012/10/03 00:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\stwrt.sys -- (STHDA)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\drxdgtww.sys -- (drxdgtww)
DRV - [2013/05/16 21:45:01 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/12/29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2012/10/08 09:21:08 | 000,121,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/10/08 09:21:08 | 000,104,712 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2012/10/08 09:21:06 | 000,170,656 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012/10/03 00:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/07/03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 B6 5E 7B 32 9F CD 01 [binary data]
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\..\SearchScopes\{4E4707B7-E1F8-462B-93DC-1D0D1C0F57F5}: "URL" = http://websearch.ask.com/redirect?clien ... BFAC645BCE
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-903371570-962786371-1426814640-1002\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Princess\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Princess\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Princess\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Princess\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/01/12 15:54:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/05/09 20:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Princess\AppData\Roaming\Mozilla\Extensions
[2012/09/30 20:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Princess\AppData\Roaming\Mozilla\Firefox\extensions
[2012/09/30 20:34:01 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Princess\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2014/05/09 21:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Princess\AppData\Roaming\Mozilla\Firefox\Profiles\1uki8sqa.default\extensions
[2014/05/09 21:13:16 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Princess\AppData\Roaming\Mozilla\Firefox\Profiles\1uki8sqa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/09 21:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/09 21:08:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Princess\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Princess\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Wallet = C:\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe (Koninklijke Philips Electronics N.V.)
O4 - HKU\S-1-5-21-903371570-962786371-1426814640-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-903371570-962786371-1426814640-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-903371570-962786371-1426814640-1000..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-903371570-962786371-1426814640-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.199.225.64 37.1.198.204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E42EABE-A5AF-42EF-9938-9A62634A9F9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73E797E7-28CA-4C7B-A67D-90F11835D468}: DhcpNameServer = 128.199.225.64 37.1.198.204
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/05/11 10:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/05/11 10:03:40 | 000,000,000 | ---D | C] -- C:\rsit
[2014/05/11 09:43:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/11 09:41:25 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/05/11 08:21:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2014/05/10 10:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/10 10:03:39 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/10 10:03:39 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/10 06:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/05/09 21:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/05/09 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/05/09 19:15:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2014/05/11 11:57:19 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/05/11 11:14:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000UA1ce5178ced0eb4b.job
[2014/05/11 11:11:41 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/11 10:07:05 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/11 10:07:05 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/11 09:50:02 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/11 09:50:02 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/11 09:45:47 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/11 09:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/11 09:45:29 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/11 09:39:05 | 001,316,991 | ---- | M] () -- C:\Users\Princess\Desktop\adwcleaner.exe
[2014/05/11 06:10:14 | 000,002,225 | ---- | M] () -- C:\Users\Princess\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/10 21:07:20 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/10 20:40:36 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000Core.job
[2014/05/10 10:03:39 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/10 10:03:39 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/09 20:19:30 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/05 18:48:07 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat

========== Files Created - No Company Name ==========

[2014/05/11 11:57:19 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/05/11 09:43:05 | 001,316,991 | ---- | C] () -- C:\Users\Princess\Desktop\adwcleaner.exe
[2014/05/10 10:03:59 | 000,002,225 | ---- | C] () -- C:\Users\Princess\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/10 10:03:59 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/09 20:19:30 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/09 20:19:30 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/05 18:48:07 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2014/01/17 14:11:22 | 000,017,920 | ---- | C] () -- C:\Windows\System32\wxsmi.dll
[2014/01/17 14:11:20 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2013/06/05 19:39:37 | 000,003,584 | ---- | C] () -- C:\Users\Princess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/17 10:10:33 | 000,138,056 | ---- | C] () -- C:\Users\Princess\AppData\Roaming\PnkBstrK.sys
[2013/05/17 10:08:17 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/04/08 16:08:31 | 000,298,496 | ---- | C] () -- C:\Windows\unin0405.exe
[2013/02/22 20:03:06 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2013/02/22 20:02:42 | 000,026,112 | R--- | C] () -- C:\Windows\LgUninst.exe
[2012/11/08 21:46:25 | 000,000,647 | ---- | C] () -- C:\Users\Princess\AppData\Roaming\burnaware.ini
[2012/10/01 14:05:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/10 06:25:05 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Acapela Group
[2012/12/21 17:23:11 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Bombermaaan
[2013/02/24 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Canneverbe Limited
[2013/05/17 08:41:13 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\DAEMON Tools Lite
[2012/10/12 11:41:33 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\driveridentifier
[2013/07/12 15:21:51 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Dropbox
[2014/02/28 22:03:24 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\FreeBurner
[2013/02/24 12:58:39 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\GHISLER
[2013/08/30 09:57:38 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\OpenOffice
[2013/04/08 20:37:56 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\PhotoFiltre
[2012/12/20 18:52:53 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\PhotoScape
[2013/05/05 19:48:57 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Softland
[2013/07/12 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Solveig Multimedia
[2013/02/24 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\TuneUp Software
[2013/11/23 15:20:37 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Unity

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/10/12 10:59:45 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\Driver Robot.job
[2012/11/02 12:15:41 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000Core.job
[2013/05/15 16:30:54 | 000,000,958 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000UA1ce5178ced0eb4b.job
[2013/06/16 20:16:10 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/06/16 20:16:13 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[5 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013/06/10 06:25:05 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Acapela Group
[2013/05/17 09:30:00 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Adobe
[2013/05/24 10:33:18 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\ArcSoft
[2012/12/21 17:23:11 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Bombermaaan
[2013/02/24 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Canneverbe Limited
[2012/12/10 13:08:56 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\CyberLink
[2013/05/17 08:41:13 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\DAEMON Tools Lite
[2012/10/12 11:41:33 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\driveridentifier
[2013/07/12 15:21:51 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Dropbox
[2014/02/02 22:48:25 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\dvdcss
[2014/02/28 22:03:24 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\FreeBurner
[2013/02/24 12:58:39 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\GHISLER
[2012/09/30 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Identities
[2013/05/23 11:05:12 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\InstallShield
[2012/12/21 17:13:31 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Macromedia
[2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Media Center Programs
[2013/05/15 21:52:22 | 000,000,000 | --SD | M] -- C:\Users\Princess\AppData\Roaming\Microsoft
[2014/05/09 20:19:43 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Mozilla
[2013/08/30 09:57:38 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\OpenOffice
[2013/04/08 20:37:56 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\PhotoFiltre
[2012/12/20 18:52:53 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\PhotoScape
[2014/05/11 09:38:13 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Skype
[2013/05/05 19:48:57 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Softland
[2013/07/12 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Solveig Multimedia
[2013/02/24 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\TuneUp Software
[2013/11/23 15:20:37 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\Unity
[2014/05/11 09:40:10 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\vlc
[2012/10/01 13:58:09 | 000,000,000 | ---D | M] -- C:\Users\Princess\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012/10/12 11:03:06 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2014/05/11 09:45:47 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/05/11 12:09:31 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/05/10 20:40:36 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000Core.job
[2014/05/11 11:14:00 | 000,000,958 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000UA1ce5178ced0eb4b.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014/05/11 10:07:05 | 000,016,160 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/11 10:07:05 | 000,016,160 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/10 10:03:39 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014/05/10 10:03:39 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2014/05/11 09:50:02 | 000,103,568 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014/05/11 09:50:02 | 000,607,190 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014/05/11 09:50:02 | 000,713,888 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"UpdateMyDrivers" = C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
"Google Update" = "C:\Users\Princess\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2012/11/02 12:15:38 | 000,116,648 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2009/10/30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd)
"GoogleDriveSync" = "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart -- [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2014/02/10 18:46:14 | 020,922,016 | R--- | M] (Skype Technologies S.A.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014/05/09 21:08:51 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=0DA891CB0703D912CEAFA072F54D002B -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009/07/14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014/04/24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) MD5=542459D16B416D054161007FC9B1246E -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/05/11 11:57:19 | 000,000,512 | ---- | M] () MD5=BA16200F3FBFC8043A7AFAB4D0836DB3 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2014/05/10 12:58:29 | 000,050,849 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.30.1.502_0\js\chromeBackstageLoader.js.vir
[2014/05/10 12:58:29 | 000,003,090 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.30.1.502_0\js\pluginLoader.js.vir
[2014/05/10 12:58:29 | 000,000,847 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.30.1.502_0\tb\al\ac\img\ajax-loader.gif.vir
[2014/05/10 12:58:29 | 000,001,135 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.30.1.502_0\tb\al\ac\img\loader-icon.png.vir
[2014/05/10 12:58:28 | 000,003,208 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\Princess\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.30.1.502_0\tb\al\ui\gf\img\loader.gif.vir
[2013/05/16 16:41:22 | 001,152,288 | ---- | M] () -- \NVIDIA\DisplayDriver\320.49\Win8_WinVista_Win7\English\GFExperience\ExtensionLoader.dll
[2001/01/16 06:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\COLOADER.DLL
[2001/01/16 04:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\COLOADER.TLB
[2012/05/03 18:38:36 | 000,071,528 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012/05/21 04:03:06 | 000,083,816 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013/07/10 22:08:32 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice 4\program\javaloader.uno.dll
[2013/07/16 15:31:10 | 000,005,813 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.py
[2013/07/10 22:08:34 | 000,020,992 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.dll
[2013/07/16 16:44:12 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.ini
[2013/07/16 15:21:10 | 000,003,868 | ---- | M] () -- \Program Files\OpenOffice 4\program\classes\unoloader.jar
[2013/07/10 15:46:18 | 000,013,420 | ---- | M] () -- \Program Files\OpenOffice 4\program\python-core-2.7.5\lib\unittest\loader.py
[2009/12/12 15:12:04 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2013/05/16 21:46:31 | 000,057,728 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DTLite.gadget\img\dt_dadget_loader.png
[2014/05/09 20:16:16 | 000,076,520 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SFH4P24\sf_preloader[1].jsp
[2014/05/06 20:25:18 | 000,112,122 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DG44FJHV\AdLoader-7b473315d0084c71df83cdee72aab144.min[1].js
[2014/05/07 20:16:04 | 000,001,870 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DG44FJHV\AdLoader[1].htm
[2014/05/10 06:02:49 | 000,001,174 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DG44FJHV\downloader[1].js
[2014/05/10 09:55:24 | 000,001,174 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DG44FJHV\downloader[2].js
[2014/05/08 20:29:45 | 000,001,870 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ8N4OH\AdLoader[1].htm
[2014/05/08 20:29:40 | 000,001,870 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJW61ZTW\AdLoader[1].htm
[2014/05/09 19:56:18 | 000,001,870 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJW61ZTW\AdLoader[2].htm
[2014/05/10 06:02:49 | 000,000,723 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJW61ZTW\downloaderror[1].js
[2014/05/10 09:55:24 | 000,000,723 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJW61ZTW\downloaderror[2].js
[2014/05/09 20:16:16 | 000,007,757 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJW61ZTW\sf_conduit_loader[1].htm
[2014/05/09 18:56:53 | 000,007,757 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3SPONL6V\sf_conduit_loader[1].htm
[2014/05/09 18:56:34 | 000,004,176 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GK1AKL5U\ajaxLoader[1].gif
[2014/01/02 19:23:40 | 000,007,757 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I3J9UD2I\sf_conduit_loader[1].htm
[2013/12/31 11:12:39 | 000,063,033 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I3J9UD2I\sf_preloader[1].jsp
[2013/12/20 08:50:18 | 000,063,069 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I3J9UD2I\sf_preloader[2].jsp
[2014/05/09 18:56:55 | 000,076,520 | ---- | M] () -- \Users\Princess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JD6W2P36\sf_preloader[1].jsp
[2014/01/28 20:35:56 | 000,072,638 | ---- | M] () -- \Users\Princess\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/01/28 20:35:56 | 000,003,032 | ---- | M] () -- \Users\Princess\AppData\Local\Skype\Apps\login\images\loader.png
[2014/01/28 20:35:56 | 000,006,012 | ---- | M] () -- \Users\Princess\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/01/28 20:35:56 | 000,021,956 | ---- | M] () -- \Users\Princess\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/01/28 20:35:56 | 000,009,772 | ---- | M] () -- \Users\Princess\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/04/30 19:26:25 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI20802\_win32sysloader.pyd
[2014/04/20 15:04:11 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI22122\_win32sysloader.pyd
[2014/05/05 18:49:06 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI22682\_win32sysloader.pyd
[2014/05/06 08:04:16 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23362\_win32sysloader.pyd
[2014/05/08 16:07:56 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23482\_win32sysloader.pyd
[2014/05/04 09:22:01 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23562\_win32sysloader.pyd
[2014/04/27 13:20:29 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23642\_win32sysloader.pyd
[2014/05/11 09:45:49 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23682\_win32sysloader.pyd
[2014/05/08 20:19:19 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23722\_win32sysloader.pyd
[2014/05/01 11:22:16 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23762\_win32sysloader.pyd
[2014/05/09 19:15:41 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23802\_win32sysloader.pyd
[2014/05/09 17:05:41 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23882\_win32sysloader.pyd
[2014/05/07 20:06:57 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI23962\_win32sysloader.pyd
[2014/04/23 18:33:55 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24283\_win32sysloader.pyd
[2014/05/04 12:27:04 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24322\_win32sysloader.pyd
[2014/05/06 06:29:41 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24323\_win32sysloader.pyd
[2014/04/20 12:40:37 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24362\_win32sysloader.pyd
[2014/04/29 20:52:51 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24363\_win32sysloader.pyd
[2014/05/10 09:43:16 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24402\_win32sysloader.pyd
[2014/04/23 08:27:23 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24442\_win32sysloader.pyd
[2014/04/23 17:18:45 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24482\_win32sysloader.pyd
[2014/05/03 11:48:27 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24483\_win32sysloader.pyd
[2014/04/21 10:19:10 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24722\_win32sysloader.pyd
[2014/04/23 06:50:56 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24802\_win32sysloader.pyd
[2014/04/25 17:02:41 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24842\_win32sysloader.pyd
[2014/04/24 20:34:38 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI24883\_win32sysloader.pyd
[2014/05/06 18:11:07 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI25042\_win32sysloader.pyd
[2014/05/09 12:39:27 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI25043\_win32sysloader.pyd
[2014/05/10 06:44:35 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI25044\_win32sysloader.pyd
[2014/04/26 07:19:38 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI25202\_win32sysloader.pyd
[2014/05/11 08:23:34 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI25242\_win32sysloader.pyd
[2014/04/20 12:32:15 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI25442\_win32sysloader.pyd
[2014/04/22 15:26:21 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI25642\_win32sysloader.pyd
[2014/05/01 05:56:35 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI25643\_win32sysloader.pyd
[2014/05/02 06:28:16 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI25722\_win32sysloader.pyd
[2014/04/24 18:06:42 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI26162\_win32sysloader.pyd
[2014/05/11 06:10:44 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI26242\_win32sysloader.pyd
[2014/04/27 07:15:50 | 000,008,192 | ---- | M] () -- \Users\Princess\AppData\Local\Temp\_MEI32842\_win32sysloader.pyd
[2012/08/29 14:45:58 | 000,000,847 | ---- | M] () -- \Users\Princess\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\ajax-loader.gif
[2012/08/29 14:45:58 | 000,001,135 | ---- | M] () -- \Users\Princess\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\loader-icon.png
[2012/08/29 14:45:58 | 000,003,208 | ---- | M] () -- \Users\Princess\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ui\gf\img\loader.gif
[2012/08/29 14:45:58 | 000,001,849 | ---- | M] () -- \Users\Princess\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012/10/04 10:12:02 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2009/07/14 04:17:55 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/07/14 04:17:55 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winload.exe_75835076
[2009/07/14 04:17:55 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >



Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <autochk.exe> in the current context!
Error: Unable to interpret <cdrom.sys> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <hal.dll> in the current context!
Error: Unable to interpret <scecli.dll> in the current context!
Error: Unable to interpret <services.exe> in the current context!
Error: Unable to interpret <svchost.exe> in the current context!
Error: Unable to interpret <tcpip.sys> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%*.* /U /s> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context!
Error: Unable to interpret <%APPDATA%\*.> in the current context!
Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\Tasks\*.job> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /3> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.* /3> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Opera\opera.exe /md5> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5> in the current context!
Error: Unable to interpret <%SystemDrive%\PhysicalMBR.bin /md5> in the current context!
Error: Unable to interpret <*crack* /s> in the current context!
Error: Unable to interpret <*keygen* /s> in the current context!
Error: Unable to interpret <*loader* /s> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 05112014_122022

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 11:47
by Rudy
Run OTL again as administrator. Paste the following text into the bottom window:
:OTL
PRC - [2014/03/03 10:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
SRV - File not found [Auto | Stopped] -- C:\Windows\Installer\{5E414646-5833-4BEC-FC65-BF75DBE2AB43}\syshost.exe /service -- (syshost32)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1000\..\SearchScopes\{4E4707B7-E1F8-462B-93DC-1D0D1C0F57F5}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=&apn_ptnrs=^5N&apn_dtid=^YYYYYY^YY^SK&apn_uid=db046f38-4966-4cfd-b7c2-e6431e0fada6&apn_sauid=A4D7BC88-DF8F-412A-8C68-6CBFAC645BCE
IE - HKU\S-1-5-21-903371570-962786371-1426814640-1002\..\SearchScopes,DefaultScope =
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Princess\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Princess\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-903371570-962786371-1426814640-1000..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss File not found
O13 - gopher Prefix: missing
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:files
C:\Windows\Installer\{5E414646-5833-4BEC-FC65-BF75DBE2AB43}\syshost.exe
C:\Program Files\Skype\Toolbars
C:\ProgramData\McAfee
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000UA1ce5178ced0eb4b.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000Core.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
Click Opravit (Fix) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 11:52
by monica2003
sorry, but I don't see such an option there..

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 12:33
by monica2003
All processes killed
========== OTL ==========
Process SkypeC2CPNRSvc.exe killed successfully!
Error: No service named syshost32 was found to stop!
Service\Driver key syshost32 not found.
File C:\Windows\Installer\{5E414646-5833-4BEC-FC65-BF75DBE2AB43}\syshost.exe /service not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4E4707B7-E1F8-462B-93DC-1D0D1C0F57F5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E4707B7-E1F8-462B-93DC-1D0D1C0F57F5}\ not found.
HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UpdateMyDrivers not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
File\Folder C:\Windows\Installer\{5E414646-5833-4BEC-FC65-BF75DBE2AB43}\syshost.exe not found.
C:\Program Files\Skype\Toolbars\Shared folder moved successfully.
C:\Program Files\Skype\Toolbars\PNRSvc folder moved successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\Skype\Toolbars\ChromeExtension folder moved successfully.
C:\Program Files\Skype\Toolbars\AutoUpdate folder moved successfully.
C:\Program Files\Skype\Toolbars folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\SecurityScanner\McUicnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\SecurityScanner folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McUicnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McCHSvc folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McUICnt\McUicnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS folder moved successfully.
C:\ProgramData\McAfee folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000UA1ce5178ced0eb4b.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903371570-962786371-1426814640-1000Core.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Princess
->Temp folder emptied: 44317530 bytes
->Temporary Internet Files folder emptied: 33212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15248118 bytes
->Google Chrome cache emptied: 6116226 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Princess
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05112014_132729

Files\Folders moved on Reboot...
C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 17:00
by Rudy
Deleted. Has anything changed?

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 19:51
by monica2003
good evening,

for a while it looked like something had changed, but right now the message Warning..yr flash player may be out ..... still keeps popping up

and a new one popped up as well, from Daemon Tools Lite: this program requires at least Windows 2000 with SPTD 1.6 or higher. Kernel debugging must be disabled.

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 11 May 2014 20:30
by Rudy
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

feel free to make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur.

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 12 May 2014 05:57
by monica2003
good morning,

I ran Combo - the output is below..
I checked the web, and even though I did not even try to log in to fb, on another page (pages) this window pops up with this text: The page at www.facebook.com says: Warning! yr flash player may be out of date.....

ehm..

ComboFix 14-05-10.01 - Princess . 05. 2014 6:16.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.3069.1765 [GMT 2:00]
Running from: c:\users\Princess\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Princess\AppData\Local\Temp\_MEI23082\_ctypes.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\_elementtree.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\_hashlib.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\_multiprocessing.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\_socket.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\_ssl.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\pyexpat.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\pysqlite2._sqlite.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\python27.dll
c:\users\Princess\AppData\Local\Temp\_MEI23082\pythoncom27.dll
c:\users\Princess\AppData\Local\Temp\_MEI23082\PyWinTypes27.dll
c:\users\Princess\AppData\Local\Temp\_MEI23082\select.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\unicodedata.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32api.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32com.shell.shell.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32crypt.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32event.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32file.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32gui.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32inet.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32pdh.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32pipe.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32process.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32profile.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32security.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\win32ts.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\windows._lib_cacheinvalidation.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\wx._animate.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\wx._controls_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\wx._core_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\wx._gdi_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\wx._html2.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\wx._misc_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\wx._windows_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\wx._wizard.pyd
c:\users\Princess\AppData\Local\Temp\_MEI23082\wxbase294u_net_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI23082\wxbase294u_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI23082\wxmsw294u_adv_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI23082\wxmsw294u_core_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI23082\wxmsw294u_html_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI23082\wxmsw294u_webview_vc90.dll
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-04-12 to 2014-05-12 )))))))))))))))))))))))))))))))
.
.
2014-05-12 04:22 . 2014-05-12 04:24 -------- d-----w- c:\users\Princess\AppData\Local\temp
2014-05-11 13:52 . 2014-05-11 15:35 -------- d-----w- c:\users\Princess\AppData\Roaming\BitTorrent
2014-05-11 11:27 . 2014-05-11 11:27 -------- d-----w- C:\_OTL
2014-05-11 09:57 . 2014-05-11 09:57 512 ----a-w- C:\PhysicalMBR.bin
2014-05-11 08:03 . 2014-05-11 08:04 -------- d-----w- c:\program files\trend micro
2014-05-11 07:43 . 2014-05-11 07:50 -------- d-----w- C:\AdwCleaner
2014-05-11 07:41 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-11 06:21 . 2014-05-11 06:21 -------- d-----w- c:\windows\system32\MpEngineStore
2014-05-10 08:03 . 2014-05-10 08:03 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 08:03 . 2014-05-10 08:03 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-09 18:19 . 2014-05-10 04:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 5074384]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2007-07-05 888832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-05-16 691696]
R1 drxdgtww;drxdgtww;c:\windows\system32\drivers\drxdgtww.sys [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-11-26 1329304]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 104712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-10 19:07 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 128.199.225.64 37.1.198.204
FF - ProfilePath - c:\users\Princess\AppData\Roaming\Mozilla\Firefox\Profiles\1uki8sqa.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe
AddRemove-BurnAware Free_is1 - c:\program files\BurnAware Free\unins000.exe
AddRemove-LingVista 3 - c:\windows\unin0405.exe
AddRemove-MV2Player - c:\program files\Mv2Player\uninst.exe
AddRemove-{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 - c:\program files\CDBurnerXP\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*B*a*xżë=\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*h*d*t*v*Ě[řk\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*=Ď?J]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*=Ď?J\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ΓJ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ΓJ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*H*=Ď?J]
"0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,4d,6f,76,69,65,25,32,30,26,25,32,30,
53,65,72,69,61,6c,73,2f,68,69,6d,79,6d,2f,48,6f,77,2e,49,2e,4d,65,74,2e,59,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*)ΓJ]
"0"=hex:74,00,68,00,65,00,2e,00,62,00,69,00,67,00,2e,00,62,00,61,00,6e,00,67,
00,2e,00,74,00,68,00,65,00,6f,00,72,00,79,00,2e,00,37,00,30,00,32,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-05-12 06:27:22 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-12 04:27
.
Pre-Run: 34 007 891 968 bytes free
Post-Run: 33 963 704 320 bytes free
.
- - End Of File - - 2019236DA01E5073E23A270CCEAD0C3D
A36C5E4F47E84449FF07ED3517B43A31

Re: WARNING! Your Flash Player may be out of date,,2

Posted: 12 May 2014 17:28
by Rudy
We'll clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\system32\drivers\drxdgtww.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Driver::
drxdgtww
c2cautoupdatesvc
c2cpnrsvc

RegLock::
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*B*a*xżë=\OpenWithList]
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*h*d*t*v*Ě[řk\OpenWithList]
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*=Ď?J]
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*=Ď?J\OpenWithList]
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ΓJ]
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ΓJ\OpenWithList]
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*H*=Ď?J]
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*)ΓJ]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.
