
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Please help
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi, I'm new here and I'm a layman when it comes to PCs, so I'd like to ask for help. My problem is that my computer has slowed down drastically, whether it is idle right after startup or when I launch a browser (Opera, Mozilla, Chrome). PC load is at 100%, and the same happens when I want to watch a film in VLC player. I have absolutely no idea what to do or what is causing it. I'm attaching the log:
Please, I really don't understand this. Thank you in advance for your understanding and help.
Logfile of random's system information tool 1.08 (written by random/random)
Run by rado at 2014-07-25 20:28:04
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 16 GB (28%) free of 58 GB
Total RAM: 2046 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:28:09, on 25. 7. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\trend micro\rado.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loa.r2games.com/game/play/?server=3562
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Arc Service (ArcService) - Unknown owner - d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8829 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
taskeng.exe {787E7442-7B66-4496-BB53-F0E836AD6CFD}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Windows\CmUCREye_x64.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fb7f9d6c-2a87-4d70-b12a-c11da26b6c1a -SystemEventPortName:HostProcess-74e55cab-2de8-46e0-87db-de6b6a41768b -IoCancelEventPortName:HostProcess-eff95407-04ca-4924-9e14-354130020f42 -NonStateChangingEventPortName:HostProcess-e6f6653a-6403-414d-8ce9-c3a1ab0939c2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5b1c94c7-d207-43b9-91c3-db2c8d203511 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Opera x64\opera.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"D:\dovnl\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 553384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21 6270336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 210856]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2014-01-16 241432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13 3214392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmiboot"=C:\Windows\cmiboot.exe [2007-02-07 65536]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-02-24 5581888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2012-11-13 3825176]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\movies~1\datamngr\x64\mgrldr.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
""=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe"="C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe"="C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2014-07-25 20:28:04 ----D---- C:\rsit
2014-07-25 20:28:04 ----D---- C:\Program Files\trend micro
2014-07-24 21:49:02 ----D---- C:\Program Files (x86)\Adobe
2014-07-24 21:17:33 ----D---- C:\Users\rado\AppData\Roaming\Macromedia
2014-07-24 21:17:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-07-24 21:09:19 ----D---- C:\ProgramData\Adobe
2014-07-24 18:55:02 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-07-24 18:54:23 ----A---- C:\Windows\system32\sdnclean64.exe
2014-07-24 18:54:04 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-24 18:42:26 ----D---- C:\Users\rado\AppData\Roaming\Adobe
2014-07-24 16:53:22 ----D---- C:\ProgramData\NVIDIA
2014-07-24 13:42:15 ----A---- C:\Windows\system32\nvvsvc.exe
2014-07-24 13:42:15 ----A---- C:\Windows\system32\nvsvcr.dll
2014-07-24 13:42:15 ----A---- C:\Windows\system32\nvsvc64.dll
2014-07-24 13:42:15 ----A---- C:\Windows\system32\nvshext.dll
2014-07-24 13:42:15 ----A---- C:\Windows\system32\nvmctray.dll
2014-07-24 13:42:15 ----A---- C:\Windows\system32\nvcpl.dll
2014-07-24 13:18:49 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-24 13:18:49 ----A---- C:\Windows\system32\rdpcorets.dll
2014-07-23 20:37:00 ----D---- C:\ProgramData\ESET
2014-07-23 20:37:00 ----D---- C:\Program Files\ESET
2014-07-23 20:19:10 ----A---- C:\Windows\system32\drivers\terminpt.sys
2014-07-23 20:19:10 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2014-07-23 20:18:59 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll
2014-07-23 20:18:58 ----A---- C:\Windows\system32\rdpudd.dll
2014-07-23 20:18:57 ----A---- C:\Windows\system32\rdpendp_winip.dll
2014-07-22 09:38:23 ----D---- C:\Windows\SYSWOW64\Adobe
2014-07-18 21:57:18 ----D---- C:\Users\rado\AppData\Roaming\.mono
2014-07-15 17:23:24 ----D---- C:\Users\rado\AppData\Roaming\Carbon
2014-07-11 09:10:40 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-07-11 09:10:40 ----A---- C:\Windows\system32\mstscax.dll
2014-07-09 19:15:17 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-09 19:15:12 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-09 19:15:12 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-09 19:15:11 ----A---- C:\Windows\system32\tsgqec.dll
2014-07-09 19:15:11 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-07-09 19:15:10 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2014-07-09 19:15:10 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-07-09 19:15:10 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-07-09 19:15:10 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2014-07-09 19:15:10 ----A---- C:\Windows\system32\wksprtPS.dll
2014-07-09 19:15:10 ----A---- C:\Windows\system32\wksprt.exe
2014-07-09 19:15:10 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-07-09 19:15:10 ----A---- C:\Windows\system32\mstsc.exe
2014-07-09 19:15:10 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-07-09 19:15:08 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2014-07-09 19:15:08 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-07-09 18:23:19 ----A---- C:\Windows\system32\win32k.sys
2014-07-09 18:23:15 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-07-09 18:23:14 ----A---- C:\Windows\system32\osk.exe
2014-07-09 18:22:58 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-07-09 18:22:57 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-07-09 18:22:23 ----A---- C:\Windows\system32\drivers\afd.sys
2014-07-09 18:22:21 ----A---- C:\Windows\system32\qedit.dll
2014-07-09 18:22:20 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-07-09 18:21:51 ----A---- C:\Windows\system32\aepdu.dll
2014-07-09 18:21:50 ----A---- C:\Windows\system32\aeinv.dll
2014-07-09 18:20:05 ----A---- C:\Windows\system32\schannel.dll
2014-07-09 18:20:04 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-07-09 18:20:04 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-07-09 18:20:04 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-07-09 18:20:04 ----A---- C:\Windows\system32\kerberos.dll
2014-07-09 18:20:03 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-07-09 18:20:03 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-07-09 18:20:03 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-07-09 18:20:03 ----A---- C:\Windows\system32\wdigest.dll
2014-07-09 18:20:03 ----A---- C:\Windows\system32\TSpkg.dll
2014-07-09 18:20:03 ----A---- C:\Windows\system32\ncrypt.dll
2014-07-09 18:20:03 ----A---- C:\Windows\system32\msv1_0.dll
2014-07-09 18:20:02 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-07-09 18:20:02 ----A---- C:\Windows\system32\credssp.dll
2014-07-09 18:13:27 ----A---- C:\Windows\system32\lsasrv.dll
2014-07-09 18:13:26 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-07-09 18:13:26 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-07-09 18:12:34 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-07-09 18:12:34 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-07-09 18:12:34 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-07-09 18:12:34 ----A---- C:\Windows\system32\iernonce.dll
2014-07-09 18:12:33 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-07-09 18:12:33 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-07-09 18:12:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-07-09 18:12:33 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-07-09 18:12:33 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-07-09 18:12:33 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-07-09 18:12:33 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 18:12:33 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-07-09 18:12:33 ----A---- C:\Windows\system32\iedkcs32.dll
2014-07-09 18:12:29 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-07-09 18:12:29 ----A---- C:\Windows\system32\urlmon.dll
2014-07-09 18:12:28 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-07-09 18:12:27 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-07-09 18:12:27 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-07-09 18:12:27 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-07-09 18:12:27 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 18:12:27 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-07-09 18:12:27 ----A---- C:\Windows\system32\dxtmsft.dll
2014-07-09 18:12:26 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-07-09 18:12:26 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-09 18:12:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-07-09 18:12:24 ----A---- C:\Windows\system32\ie4uinit.exe
2014-07-09 18:12:23 ----A---- C:\Windows\system32\iesetup.dll
2014-07-09 18:12:22 ----A---- C:\Windows\system32\iertutil.dll
2014-07-09 18:12:21 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-07-09 18:12:21 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-07-09 18:12:21 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-07-09 18:12:20 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-09 18:12:19 ----A---- C:\Windows\system32\ieui.dll
2014-07-09 18:12:19 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-09 18:12:18 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-07-09 18:12:18 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-09 18:12:18 ----A---- C:\Windows\system32\ieframe.dll
2014-07-09 18:12:17 ----A---- C:\Windows\system32\vbscript.dll
2014-07-09 18:12:17 ----A---- C:\Windows\system32\jscript9diag.dll
2014-07-09 18:12:17 ----A---- C:\Windows\system32\jscript9.dll
2014-07-09 18:12:17 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-09 18:12:16 ----A---- C:\Windows\system32\wininet.dll
2014-07-09 18:12:16 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-07-09 18:12:16 ----A---- C:\Windows\system32\ieapfltr.dll
2014-07-09 18:12:15 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 18:12:15 ----A---- C:\Windows\system32\msrating.dll
2014-07-09 18:12:15 ----A---- C:\Windows\system32\mshtml.dll
2014-07-06 15:59:38 ----D---- C:\Program Files (x86)\Steam
2014-07-05 16:02:15 ----D---- C:\Program Files (x86)\Warhammer 40000 Kill Team
2014-06-30 21:57:11 ----D---- C:\Program Files (x86)\Opera x64
======List of files/folders modified in the last 1 months======
2014-07-25 20:28:05 ----D---- C:\Windows\Temp
2014-07-25 20:28:04 ----RD---- C:\Program Files
2014-07-25 20:23:07 ----D---- C:\Windows\system32\config
2014-07-25 20:22:43 ----D---- C:\Users\rado\AppData\Roaming\DAEMON Tools Lite
2014-07-25 19:48:56 ----D---- C:\Windows
2014-07-25 13:24:29 ----D---- C:\Windows\System32
2014-07-25 13:24:29 ----D---- C:\Windows\inf
2014-07-25 13:24:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-25 13:20:10 ----D---- C:\Users\rado\AppData\Roaming\vlc
2014-07-24 21:50:13 ----SHD---- C:\Windows\Installer
2014-07-24 21:49:02 ----RD---- C:\Program Files (x86)
2014-07-24 21:49:02 ----D---- C:\Program Files (x86)\Common Files
2014-07-24 21:48:33 ----D---- C:\Windows\SysWOW64
2014-07-24 21:17:20 ----D---- C:\Windows\system32\Tasks
2014-07-24 21:17:19 ----D---- C:\Windows\Tasks
2014-07-24 21:09:19 ----HD---- C:\ProgramData
2014-07-24 18:54:48 ----SD---- C:\ProgramData\Microsoft
2014-07-24 16:51:40 ----D---- C:\Users\rado\AppData\Roaming\BitTorrent
2014-07-24 13:42:10 ----D---- C:\Windows\Help
2014-07-24 13:42:10 ----D---- C:\Program Files\NVIDIA Corporation
2014-07-24 13:39:58 ----D---- C:\ProgramData\NVIDIA Corporation
2014-07-24 13:39:06 ----D---- C:\Windows\system32\drivers
2014-07-24 13:38:53 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-07-24 13:25:55 ----D---- C:\Windows\system32\catroot
2014-07-24 13:25:54 ----D---- C:\Windows\system32\DriverStore
2014-07-24 13:19:53 ----D---- C:\Windows\winsxs
2014-07-24 13:19:31 ----SHD---- C:\System Volume Information
2014-07-24 13:16:16 ----D---- C:\Windows\system32\catroot2
2014-07-24 04:57:03 ----D---- C:\Windows\rescache
2014-07-23 22:09:38 ----SD---- C:\Users\rado\AppData\Roaming\Microsoft
2014-07-23 21:56:42 ----D---- C:\Program Files\Common Files
2014-07-23 20:39:49 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-23 20:39:49 ----D---- C:\Windows\system32\en-US
2014-07-23 20:39:49 ----D---- C:\Windows\system32\cs-CZ
2014-07-23 20:39:49 ----D---- C:\Windows\PolicyDefinitions
2014-07-22 09:33:01 ----D---- C:\Windows\SYSWOW64\Macromed
2014-07-20 17:11:27 ----D---- C:\Windows\Logs
2014-07-20 15:10:06 ----D---- C:\Windows\system32\wfp
2014-07-20 15:10:05 ----D---- C:\Windows\system32\wbem
2014-07-20 15:09:03 ----D---- C:\Windows\system32\CodeIntegrity
2014-07-20 15:09:00 ----D---- C:\Users\rado\AppData\Roaming\GHISLER
2014-07-20 15:08:56 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 15:08:55 ----D---- C:\Windows\registration
2014-07-16 23:05:26 ----D---- C:\ProgramData\Package Cache
2014-07-14 16:52:08 ----D---- C:\Windows\system32\NDF
2014-07-14 16:42:00 ----D---- C:\Users\rado\AppData\Roaming\Orbit
2014-07-14 15:35:57 ----D---- C:\downloads
2014-07-14 15:35:54 ----D---- C:\Users\rado\AppData\Roaming\Winamp
2014-07-11 18:49:04 ----RSD---- C:\Windows\Fonts
2014-07-11 09:12:38 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-07-11 09:12:38 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-07-11 09:12:37 ----D---- C:\Windows\system32\sk-SK
2014-07-09 22:34:07 ----D---- C:\Windows\Minidump
2014-07-09 20:21:54 ----D---- C:\Program Files\Windows Journal
2014-07-09 20:21:53 ----D---- C:\Windows\SYSWOW64\wbem
2014-07-09 20:21:52 ----D---- C:\Windows\system32\drivers\en-US
2014-07-09 20:21:50 ----SD---- C:\Windows\system32\CompatTel
2014-07-09 20:21:49 ----D---- C:\Windows\SYSWOW64\Dism
2014-07-09 20:21:48 ----D---- C:\Windows\system32\Dism
2014-07-09 20:21:44 ----D---- C:\Windows\ehome
2014-07-09 20:21:38 ----D---- C:\Program Files\Internet Explorer
2014-07-09 20:21:34 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-09 19:11:33 ----D---- C:\Windows\system32\MRT
2014-07-09 19:02:22 ----A---- C:\Windows\system32\MRT.exe
2014-07-09 18:53:29 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-07-09 11:49:29 ----RSD---- C:\Windows\assembly
2014-07-08 16:13:52 ----D---- C:\Program Files (x86)\B1 Free Archiver
2014-07-08 15:56:46 ----D---- C:\ProgramData\SecTaskMan
2014-06-30 21:57:15 ----D---- C:\Program Files\Opera x64
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-12-18 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-01-17 207904]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 62136]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-08-29 560184]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-29 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 44120]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-09-17 220232]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2014-01-27 42696]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-21 146432]
R3 CMIUCR;CMIUCR.SYS CM320/CM220 Card Reader Driver; C:\Windows\system32\DRIVERS\cmiucr_x64.SYS [2007-01-15 160256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2014-07-09 211456]
S3 anhbi85e;anhbi85e; C:\Windows\system32\drivers\anhbi85e.sys []
S3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-02-06 80184]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-03-10 687136]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-07-10 38632]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2014-05-07 42184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 xhunter1;xhunter1; \??\C:\Windows\xhunter1.sys []
S4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-02-24 1343408]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-11-11 922912]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-05-23 76888]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-06-06 5037888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-24 262320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 ArcService;Arc Service; d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-11-12 1471352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-11 119408]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-07-16 542912]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-22 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
2014-07-09 18:12:26 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-09 18:12:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-07-09 18:12:24 ----A---- C:\Windows\system32\ie4uinit.exe
2014-07-09 18:12:23 ----A---- C:\Windows\system32\iesetup.dll
2014-07-09 18:12:22 ----A---- C:\Windows\system32\iertutil.dll
2014-07-09 18:12:21 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-07-09 18:12:21 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-07-09 18:12:21 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-07-09 18:12:20 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-07-09 18:12:20 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-09 18:12:19 ----A---- C:\Windows\system32\ieui.dll
2014-07-09 18:12:19 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-09 18:12:18 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-07-09 18:12:18 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-09 18:12:18 ----A---- C:\Windows\system32\ieframe.dll
2014-07-09 18:12:17 ----A---- C:\Windows\system32\vbscript.dll
2014-07-09 18:12:17 ----A---- C:\Windows\system32\jscript9diag.dll
2014-07-09 18:12:17 ----A---- C:\Windows\system32\jscript9.dll
2014-07-09 18:12:17 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-09 18:12:16 ----A---- C:\Windows\system32\wininet.dll
2014-07-09 18:12:16 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-07-09 18:12:16 ----A---- C:\Windows\system32\ieapfltr.dll
2014-07-09 18:12:15 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 18:12:15 ----A---- C:\Windows\system32\msrating.dll
2014-07-09 18:12:15 ----A---- C:\Windows\system32\mshtml.dll
2014-07-06 15:59:38 ----D---- C:\Program Files (x86)\Steam
2014-07-05 16:02:15 ----D---- C:\Program Files (x86)\Warhammer 40000 Kill Team
2014-06-30 21:57:11 ----D---- C:\Program Files (x86)\Opera x64
======List of files/folders modified in the last 1 months======
2014-07-25 20:28:05 ----D---- C:\Windows\Temp
2014-07-25 20:28:04 ----RD---- C:\Program Files
2014-07-25 20:23:07 ----D---- C:\Windows\system32\config
2014-07-25 20:22:43 ----D---- C:\Users\rado\AppData\Roaming\DAEMON Tools Lite
2014-07-25 19:48:56 ----D---- C:\Windows
2014-07-25 13:24:29 ----D---- C:\Windows\System32
2014-07-25 13:24:29 ----D---- C:\Windows\inf
2014-07-25 13:24:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-25 13:20:10 ----D---- C:\Users\rado\AppData\Roaming\vlc
2014-07-24 21:50:13 ----SHD---- C:\Windows\Installer
2014-07-24 21:49:02 ----RD---- C:\Program Files (x86)
2014-07-24 21:49:02 ----D---- C:\Program Files (x86)\Common Files
2014-07-24 21:48:33 ----D---- C:\Windows\SysWOW64
2014-07-24 21:17:20 ----D---- C:\Windows\system32\Tasks
2014-07-24 21:17:19 ----D---- C:\Windows\Tasks
2014-07-24 21:09:19 ----HD---- C:\ProgramData
2014-07-24 18:54:48 ----SD---- C:\ProgramData\Microsoft
2014-07-24 16:51:40 ----D---- C:\Users\rado\AppData\Roaming\BitTorrent
2014-07-24 13:42:10 ----D---- C:\Windows\Help
2014-07-24 13:42:10 ----D---- C:\Program Files\NVIDIA Corporation
2014-07-24 13:39:58 ----D---- C:\ProgramData\NVIDIA Corporation
2014-07-24 13:39:06 ----D---- C:\Windows\system32\drivers
2014-07-24 13:38:53 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-07-24 13:25:55 ----D---- C:\Windows\system32\catroot
2014-07-24 13:25:54 ----D---- C:\Windows\system32\DriverStore
2014-07-24 13:19:53 ----D---- C:\Windows\winsxs
2014-07-24 13:19:31 ----SHD---- C:\System Volume Information
2014-07-24 13:16:16 ----D---- C:\Windows\system32\catroot2
2014-07-24 04:57:03 ----D---- C:\Windows\rescache
2014-07-23 22:09:38 ----SD---- C:\Users\rado\AppData\Roaming\Microsoft
2014-07-23 21:56:42 ----D---- C:\Program Files\Common Files
2014-07-23 20:39:49 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-23 20:39:49 ----D---- C:\Windows\system32\en-US
2014-07-23 20:39:49 ----D---- C:\Windows\system32\cs-CZ
2014-07-23 20:39:49 ----D---- C:\Windows\PolicyDefinitions
2014-07-22 09:33:01 ----D---- C:\Windows\SYSWOW64\Macromed
2014-07-20 17:11:27 ----D---- C:\Windows\Logs
2014-07-20 15:10:06 ----D---- C:\Windows\system32\wfp
2014-07-20 15:10:05 ----D---- C:\Windows\system32\wbem
2014-07-20 15:09:03 ----D---- C:\Windows\system32\CodeIntegrity
2014-07-20 15:09:00 ----D---- C:\Users\rado\AppData\Roaming\GHISLER
2014-07-20 15:08:56 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 15:08:55 ----D---- C:\Windows\registration
2014-07-16 23:05:26 ----D---- C:\ProgramData\Package Cache
2014-07-14 16:52:08 ----D---- C:\Windows\system32\NDF
2014-07-14 16:42:00 ----D---- C:\Users\rado\AppData\Roaming\Orbit
2014-07-14 15:35:57 ----D---- C:\downloads
2014-07-14 15:35:54 ----D---- C:\Users\rado\AppData\Roaming\Winamp
2014-07-11 18:49:04 ----RSD---- C:\Windows\Fonts
2014-07-11 09:12:38 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-07-11 09:12:38 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-07-11 09:12:37 ----D---- C:\Windows\system32\sk-SK
2014-07-09 22:34:07 ----D---- C:\Windows\Minidump
2014-07-09 20:21:54 ----D---- C:\Program Files\Windows Journal
2014-07-09 20:21:53 ----D---- C:\Windows\SYSWOW64\wbem
2014-07-09 20:21:52 ----D---- C:\Windows\system32\drivers\en-US
2014-07-09 20:21:50 ----SD---- C:\Windows\system32\CompatTel
2014-07-09 20:21:49 ----D---- C:\Windows\SYSWOW64\Dism
2014-07-09 20:21:48 ----D---- C:\Windows\system32\Dism
2014-07-09 20:21:44 ----D---- C:\Windows\ehome
2014-07-09 20:21:38 ----D---- C:\Program Files\Internet Explorer
2014-07-09 20:21:34 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-09 19:11:33 ----D---- C:\Windows\system32\MRT
2014-07-09 19:02:22 ----A---- C:\Windows\system32\MRT.exe
2014-07-09 18:53:29 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-07-09 11:49:29 ----RSD---- C:\Windows\assembly
2014-07-08 16:13:52 ----D---- C:\Program Files (x86)\B1 Free Archiver
2014-07-08 15:56:46 ----D---- C:\ProgramData\SecTaskMan
2014-06-30 21:57:15 ----D---- C:\Program Files\Opera x64
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-12-18 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-01-17 207904]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 62136]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-08-29 560184]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-29 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 44120]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-09-17 220232]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2014-01-27 42696]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-21 146432]
R3 CMIUCR;CMIUCR.SYS CM320/CM220 Card Reader Driver; C:\Windows\system32\DRIVERS\cmiucr_x64.SYS [2007-01-15 160256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2014-07-09 211456]
S3 anhbi85e;anhbi85e; C:\Windows\system32\drivers\anhbi85e.sys []
S3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-02-06 80184]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-03-10 687136]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-07-10 38632]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2014-05-07 42184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 xhunter1;xhunter1; \??\C:\Windows\xhunter1.sys []
S4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-02-24 1343408]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-11-11 922912]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-05-23 76888]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-06-06 5037888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-24 262320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 ArcService;Arc Service; d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-11-12 1471352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-11 119408]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-07-16 542912]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-22 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
Re: please help
Hello,
Just one question: are you using a legal operating system? The top-tier Ultimate license is not exactly a common home edition.
Re: please help
My brother built the whole machine and set up Windows for me.
Re: please help
- If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (or "Spustit jako správce")
- If you are using a 64-bit OS, check whether the "For 64-bit OS" box is ticked; if it is not, tick it
- Tick the "For all users" box
- Tick the "LOP" malware check box
- Tick the "Purity" malware check box
- Change the file age from 30 days to 7 days
- Paste the script below into the bottom box, "Custom scans/fixes"
Code:
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
- Click the Scan button
- When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both of them here
- If the logs are long (the forum will complain that the maximum number of characters has been exceeded), split them across several posts
Re: please help
Well, those 10-15 minutes ended up being almost 3 hours
OTL logfile created on: 25. 7. 2014 21:56:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rado\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,00 Gb Total Physical Memory | 0,55 Gb Available Physical Memory | 27,41% Memory free
4,00 Gb Paging File | 1,58 Gb Available in Paging File | 39,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 57,01 Gb Total Space | 16,03 Gb Free Space | 28,13% Space Free | Partition Type: NTFS
Drive D: | 175,78 Gb Total Space | 73,97 Gb Free Space | 42,08% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 69,25 Mb Free Space | 69,25% Space Free | Partition Type: NTFS
Drive M: | 4,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 19,08 Gb Total Space | 16,95 Gb Free Space | 88,84% Space Free | Partition Type: NTFS
Computer Name: RADO-PC | User Name: rado | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2014/07/25 21:53:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rado\Desktop\OTL.exe
PRC - [2014/06/30 21:56:41 | 000,825,696 | ---- | M] (Opera Software) -- C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
PRC - [2014/06/06 16:04:37 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013/05/23 19:50:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/11 11:54:22 | 003,672,384 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
========== Modules (No Company Name) ==========
MOD - [2014/07/25 21:47:51 | 002,106,952 | ---- | M] () -- C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\mono\Release3.x.x\mono-1-vc.dll
MOD - [2014/07/24 21:17:13 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014/05/26 22:30:52 | 002,105,928 | ---- | M] () -- C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\mono\Stable3.x.x\mono-1-vc.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
========== Services (SafeList) ==========
SRV:64bit: - [2014/06/19 02:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/11/12 09:56:04 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/24 21:17:17 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/16 04:28:18 | 000,542,912 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/06/11 13:32:06 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/06 16:04:37 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/23 19:50:25 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/07/09 11:46:28 | 000,211,456 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2014/05/07 05:00:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2014/02/06 10:57:57 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/27 18:45:53 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2014/01/17 09:25:31 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/18 09:39:37 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/17 14:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/09/17 14:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/09/17 14:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013/09/17 14:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/09/17 14:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/08/29 22:09:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/29 21:55:14 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/08/23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/10 04:48:16 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 05:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/10 13:32:58 | 000,687,136 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/01/15 16:13:18 | 000,160,256 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmiucr_x64.SYS -- (CMIUCR)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 CB 7B C8 3C 27 CE 01 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 CB 7B C8 3C 27 CE 01 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://loa.r2games.com/game/play/?server=3562
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 26 2B 94 94 89 CF 01 [binary data]
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\SearchScopes,DefaultScope = {B7FEA943-DAC0-475A-86C8-BD2A48CF5AFF}
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\SearchScopes\{B7FEA943-DAC0-475A-86C8-BD2A48CF5AFF}: "URL" = http://search.softonic.com/INF00176/tb_ ... 11c5&r=578
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://loa.r2games.com/game/play/?server=3562"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2014/07/23 20:37:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014/07/23 20:37:04 | 000,000,000 | ---D | M]
[2014/06/11 02:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rado\AppData\Roaming\mozilla\Extensions
[2014/06/07 23:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rado\AppData\Roaming\mozilla\Firefox\Profiles\nhxx3fhx.default-1402174691302\extensions
[2014/07/18 14:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rado\AppData\Roaming\mozilla\Firefox\Profiles\w2q86uyf.default-1404304579824\extensions
[2014/06/11 13:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/11 13:32:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: From Dust = C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj\0.0.0.23_0\
CHR - Extension: Skype Click to Call = C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Peňaženka Google = C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2014/01/06 14:44:40 | 000,001,487 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 csc3-2010-crl.verisign.com
O1 - Hosts: 127.0.0.1 ocsp.verisign.com
O1 - Hosts: 127.0.0.1 crl.verisign.com
O1 - Hosts: 127.0.0.1 download.dm.origin.com
O1 - Hosts: 127.0.0.1 secure.download.dm.origin.com
O1 - Hosts: 127.0.0.1 loginregistration.dm.origin.com
O1 - Hosts: 127.0.0.1 achievements.gameservices.ea.com
O1 - Hosts: 127.0.0.1 friends.dm.origin.com
O1 - Hosts: 127.0.0.1 avatar.dm.origin.com
O1 - Hosts: 127.0.0.1 ecommerce.dm.origin.com
O1 - Hosts: 127.0.0.1 static.cdn.ea.com
O1 - Hosts: 127.0.0.1 tealium.hs.llnwd.net
O1 - Hosts: 127.0.0.1 heartbeat.dm.origin.com
O1 - Hosts: 127.0.0.1 web.dm.origin.com
O1 - Hosts: 127.0.0.1 store.origin.com
O1 - Hosts: 127.0.0.1 ec2-54-243-231-82.compute-1.amazonaws.com
O1 - Hosts: 127.0.0.1 eaassets-a.akamaihd.net
O1 - Hosts: 127.0.0.1 ssl.resources.ea.com
O1 - Hosts: 127.0.0.1 akamai.cdn.ea.com
O1 - Hosts: 127.0.0.1 novafusion.ea.com
O1 - Hosts: 127.0.0.1 proxy.novafusion.ea.com
O1 - Hosts: 127.0.0.1 ec2-23-23-167-200.compute-1.amazonaws.com
O1 - Hosts: 127.0.0.1 dirtybits.dm.origin.com
O1 - Hosts: 127.0.0.1 chat.dm.origin.com
O1 - Hosts: 127.0.0.1 easo.ea.com
O1 - Hosts: 16 more lines...
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\Toolbar\WebBrowser: (no name) - {62D40876-DF18-411F-9D34-A9DD7A197BC5} - No CLSID value found.
O3 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O3 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Cmiboot] C:\Windows\cmiboot.exe ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39F2C3FC-2779-4BFB-9D38-619C20320C8A}: DhcpNameServer = 192.168.1.1 194.1.215.2 194.1.215.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE29C03-26C5-462E-8A8B-42D2B453D09E}: DhcpNameServer = 194.1.215.2 194.1.215.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8311DC9-E26F-4A14-AF32-B3E4D7D73FD4}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\x64\mgrldr.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/14 00:09:50 | 000,000,043 | R--- | M] () - M:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c27f0203-9a86-11db-95a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c27f0203-9a86-11db-95a2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CheckID.exe
O33 - MountPoints2\{d7b3a6be-f213-11e1-b6ba-0015588f11c5}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b3a6be-f213-11e1-b6ba-0015588f11c5}\Shell\AutoRun\command - "" = M:\setup.exe -- [2009/08/14 00:09:50 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2014/07/25 21:53:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rado\Desktop\OTL.exe
[2014/07/25 21:42:43 | 000,000,000 | ---D | C] -- C:\Users\rado\AppData\Roaming\NVIDIA
[2014/07/25 20:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/07/25 20:28:04 | 000,000,000 | ---D | C] -- C:\rsit
[2014/07/24 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\rado\AppData\Local\Adobe
[2014/07/24 21:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/07/24 21:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/07/24 21:17:33 | 000,000,000 | ---D | C] -- C:\Users\rado\AppData\Roaming\Macromedia
[2014/07/24 21:17:17 | 000,699,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/24 21:17:16 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/24 21:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/07/24 18:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/07/24 18:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/07/24 18:54:23 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/07/24 18:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/07/24 18:42:26 | 000,000,000 | ---D | C] -- C:\Users\rado\AppData\Roaming\Adobe
[2014/07/24 16:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/07/24 13:42:15 | 006,674,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014/07/24 13:42:15 | 003,490,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014/07/24 13:42:15 | 002,559,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2014/07/24 13:42:15 | 000,219,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014/07/24 13:42:15 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014/07/24 13:18:49 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/07/24 13:18:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/07/23 20:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014/07/23 20:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014/07/23 20:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/07/23 20:19:10 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\terminpt.sys
[2014/07/23 20:19:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/07/23 20:18:59 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/07/23 20:18:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/07/23 20:18:57 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/07/22 09:38:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/12/21 12:59:53 | 004,216,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\vcredist.exe
========== Files - Modified Within 7 Days ==========
[2014/07/25 22:19:48 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/07/25 22:17:11 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/25 21:53:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rado\Desktop\OTL.exe
[2014/07/25 21:51:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/25 20:30:07 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/25 20:30:07 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/25 20:22:36 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/25 20:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/25 13:24:29 | 001,751,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/25 13:24:29 | 000,660,758 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014/07/25 13:24:29 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/25 13:24:29 | 000,144,580 | ---- | M] () -- C:\Windows\SysNative\perfh01B.dat
[2014/07/25 13:24:29 | 000,141,408 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014/07/25 13:24:29 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/25 13:24:29 | 000,036,678 | ---- | M] () -- C:\Windows\SysNative\perfc01B.dat
[2014/07/24 21:49:35 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/07/24 21:17:17 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/24 21:17:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/24 18:54:48 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/07/23 21:56:43 | 000,157,805 | -H-- | M] () -- C:\treeinfo.wc
[2014/07/21 22:59:22 | 000,007,666 | ---- | M] () -- C:\Users\rado\AppData\Local\Resmon.ResmonCfg
[2014/07/20 16:32:21 | 000,000,222 | ---- | M] () -- C:\Users\rado\Desktop\HAWKEN.url
========== Files Created - No Company Name ==========
[2014/07/25 22:19:48 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/07/24 21:49:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/07/24 21:49:35 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/07/24 21:17:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/24 18:54:48 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/07/24 18:54:48 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/07/24 13:42:15 | 003,467,927 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/07/20 16:32:20 | 000,000,222 | ---- | C] () -- C:\Users\rado\Desktop\HAWKEN.url
[2014/04/28 22:37:44 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/04/28 22:37:44 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/02/14 22:30:24 | 000,001,096 | ---- | C] () -- C:\Users\rado\AppData\Local\SRDownloader.nast
[2014/02/14 22:25:36 | 000,000,066 | ---- | C] () -- C:\Users\rado\AppData\Local\SRDownloader.err
[2014/02/14 22:19:07 | 000,001,072 | ---- | C] () -- C:\Users\rado\AppData\Local\sharerapid-download-manager.nast
[2014/02/14 22:18:24 | 000,000,262 | ---- | C] () -- C:\Users\rado\AppData\Local\sharerapid-download-manager.err
[2013/11/12 09:57:58 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/06/17 19:19:57 | 000,000,111 | ---- | C] () -- C:\Users\rado\AppData\Roaming\profiles.ini
[2013/05/23 18:44:22 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/05/08 08:58:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2013/04/17 18:58:21 | 000,005,120 | ---- | C] () -- C:\Users\rado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/23 23:49:11 | 001,710,010 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/15 01:50:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/12/18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/12/18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/12/02 17:34:23 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/12/02 12:13:48 | 000,007,666 | ---- | C] () -- C:\Users\rado\AppData\Local\Resmon.ResmonCfg
[2012/10/03 15:15:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/09/01 23:02:18 | 000,306,688 | ---- | C] () -- C:\Windows\unarc.dll
[2012/08/29 21:53:50 | 000,000,269 | ---- | C] () -- C:\Windows\dll-download-system.com.URL
[2012/08/29 21:34:25 | 000,306,688 | ---- | C] () -- C:\Windows\SysWow64\unarc.dll
[2012/08/24 18:48:27 | 000,298,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/24 18:47:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/23 15:59:40 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/07/18 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\.mono
[2014/07/24 16:51:40 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\BitTorrent
[2014/07/15 17:23:24 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Carbon
[2013/08/06 11:35:30 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Crash Reports
[2014/07/25 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DAEMON Tools Lite
[2013/04/09 19:39:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DriverCure
[2012/12/07 08:59:23 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DVDVideoSoft
[2012/10/03 15:19:16 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ESET
[2012/08/25 22:05:36 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GetRightToGo
[2014/07/20 15:09:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GHISLER
[2013/07/31 12:44:05 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GoforFiles
[2012/08/24 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GrabPro
[2013/10/26 11:40:17 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\IObit
[2013/01/31 10:32:57 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Mikrotik
[2012/10/13 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\OpenOffice.org
[2013/07/31 21:00:38 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Opera
[2014/07/14 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Orbit
[2013/06/17 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Profiles
[2012/08/24 16:40:37 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ProgSense
[2014/05/15 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\TeamViewer
[2013/10/13 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\TS3Client
[2013/02/13 16:08:38 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ts3overlay
[2014/03/17 13:19:23 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Unity
[2012/10/15 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ValuSoft
OTL logfile created on: 25. 7. 2014 21:56:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rado\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,00 Gb Total Physical Memory | 0,55 Gb Available Physical Memory | 27,41% Memory free
4,00 Gb Paging File | 1,58 Gb Available in Paging File | 39,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 57,01 Gb Total Space | 16,03 Gb Free Space | 28,13% Space Free | Partition Type: NTFS
Drive D: | 175,78 Gb Total Space | 73,97 Gb Free Space | 42,08% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 69,25 Mb Free Space | 69,25% Space Free | Partition Type: NTFS
Drive M: | 4,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 19,08 Gb Total Space | 16,95 Gb Free Space | 88,84% Space Free | Partition Type: NTFS
Computer Name: RADO-PC | User Name: rado | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2014/07/25 21:53:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rado\Desktop\OTL.exe
PRC - [2014/06/30 21:56:41 | 000,825,696 | ---- | M] (Opera Software) -- C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
PRC - [2014/06/06 16:04:37 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013/05/23 19:50:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/11 11:54:22 | 003,672,384 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
========== Modules (No Company Name) ==========
MOD - [2014/07/25 21:47:51 | 002,106,952 | ---- | M] () -- C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\mono\Release3.x.x\mono-1-vc.dll
MOD - [2014/07/24 21:17:13 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014/05/26 22:30:52 | 002,105,928 | ---- | M] () -- C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\mono\Stable3.x.x\mono-1-vc.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
========== Services (SafeList) ==========
SRV:64bit: - [2014/06/19 02:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/11/12 09:56:04 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/24 21:17:17 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/16 04:28:18 | 000,542,912 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/06/11 13:32:06 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/06 16:04:37 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/23 19:50:25 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/07/09 11:46:28 | 000,211,456 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2014/05/07 05:00:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2014/02/06 10:57:57 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/27 18:45:53 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2014/01/17 09:25:31 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/18 09:39:37 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/17 14:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/09/17 14:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/09/17 14:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013/09/17 14:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/09/17 14:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/08/29 22:09:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/29 21:55:14 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/08/23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/10 04:48:16 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 05:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/10 13:32:58 | 000,687,136 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/01/15 16:13:18 | 000,160,256 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmiucr_x64.SYS -- (CMIUCR)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 CB 7B C8 3C 27 CE 01 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 CB 7B C8 3C 27 CE 01 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://loa.r2games.com/game/play/?server=3562
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 26 2B 94 94 89 CF 01 [binary data]
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\SearchScopes,DefaultScope = {B7FEA943-DAC0-475A-86C8-BD2A48CF5AFF}
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\SearchScopes\{B7FEA943-DAC0-475A-86C8-BD2A48CF5AFF}: "URL" = http://search.softonic.com/INF00176/tb_ ... 11c5&r=578
IE - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://loa.r2games.com/game/play/?server=3562"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2014/07/23 20:37:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014/07/23 20:37:04 | 000,000,000 | ---D | M]
[2014/06/11 02:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rado\AppData\Roaming\mozilla\Extensions
[2014/06/07 23:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rado\AppData\Roaming\mozilla\Firefox\Profiles\nhxx3fhx.default-1402174691302\extensions
[2014/07/18 14:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rado\AppData\Roaming\mozilla\Firefox\Profiles\w2q86uyf.default-1404304579824\extensions
[2014/06/11 13:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/11 13:32:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: From Dust = C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj\0.0.0.23_0\
CHR - Extension: Skype Click to Call = C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Peňaženka Google = C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2014/01/06 14:44:40 | 000,001,487 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 csc3-2010-crl.verisign.com
O1 - Hosts: 127.0.0.1 ocsp.verisign.com
O1 - Hosts: 127.0.0.1 crl.verisign.com
O1 - Hosts: 127.0.0.1 download.dm.origin.com
O1 - Hosts: 127.0.0.1 secure.download.dm.origin.com
O1 - Hosts: 127.0.0.1 loginregistration.dm.origin.com
O1 - Hosts: 127.0.0.1 achievements.gameservices.ea.com
O1 - Hosts: 127.0.0.1 friends.dm.origin.com
O1 - Hosts: 127.0.0.1 avatar.dm.origin.com
O1 - Hosts: 127.0.0.1 ecommerce.dm.origin.com
O1 - Hosts: 127.0.0.1 static.cdn.ea.com
O1 - Hosts: 127.0.0.1 tealium.hs.llnwd.net
O1 - Hosts: 127.0.0.1 heartbeat.dm.origin.com
O1 - Hosts: 127.0.0.1 web.dm.origin.com
O1 - Hosts: 127.0.0.1 store.origin.com
O1 - Hosts: 127.0.0.1 ec2-54-243-231-82.compute-1.amazonaws.com
O1 - Hosts: 127.0.0.1 eaassets-a.akamaihd.net
O1 - Hosts: 127.0.0.1 ssl.resources.ea.com
O1 - Hosts: 127.0.0.1 akamai.cdn.ea.com
O1 - Hosts: 127.0.0.1 novafusion.ea.com
O1 - Hosts: 127.0.0.1 proxy.novafusion.ea.com
O1 - Hosts: 127.0.0.1 ec2-23-23-167-200.compute-1.amazonaws.com
O1 - Hosts: 127.0.0.1 dirtybits.dm.origin.com
O1 - Hosts: 127.0.0.1 chat.dm.origin.com
O1 - Hosts: 127.0.0.1 easo.ea.com
O1 - Hosts: 16 more lines...
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\Toolbar\WebBrowser: (no name) - {62D40876-DF18-411F-9D34-A9DD7A197BC5} - No CLSID value found.
O3 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O3 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Cmiboot] C:\Windows\cmiboot.exe ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39F2C3FC-2779-4BFB-9D38-619C20320C8A}: DhcpNameServer = 192.168.1.1 194.1.215.2 194.1.215.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE29C03-26C5-462E-8A8B-42D2B453D09E}: DhcpNameServer = 194.1.215.2 194.1.215.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8311DC9-E26F-4A14-AF32-B3E4D7D73FD4}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\x64\mgrldr.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/14 00:09:50 | 000,000,043 | R--- | M] () - M:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c27f0203-9a86-11db-95a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c27f0203-9a86-11db-95a2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CheckID.exe
O33 - MountPoints2\{d7b3a6be-f213-11e1-b6ba-0015588f11c5}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b3a6be-f213-11e1-b6ba-0015588f11c5}\Shell\AutoRun\command - "" = M:\setup.exe -- [2009/08/14 00:09:50 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2014/07/25 21:53:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rado\Desktop\OTL.exe
[2014/07/25 21:42:43 | 000,000,000 | ---D | C] -- C:\Users\rado\AppData\Roaming\NVIDIA
[2014/07/25 20:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/07/25 20:28:04 | 000,000,000 | ---D | C] -- C:\rsit
[2014/07/24 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\rado\AppData\Local\Adobe
[2014/07/24 21:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/07/24 21:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/07/24 21:17:33 | 000,000,000 | ---D | C] -- C:\Users\rado\AppData\Roaming\Macromedia
[2014/07/24 21:17:17 | 000,699,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/24 21:17:16 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/24 21:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/07/24 18:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/07/24 18:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/07/24 18:54:23 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/07/24 18:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/07/24 18:42:26 | 000,000,000 | ---D | C] -- C:\Users\rado\AppData\Roaming\Adobe
[2014/07/24 16:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/07/24 13:42:15 | 006,674,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014/07/24 13:42:15 | 003,490,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014/07/24 13:42:15 | 002,559,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2014/07/24 13:42:15 | 000,219,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014/07/24 13:42:15 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014/07/24 13:18:49 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/07/24 13:18:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/07/23 20:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014/07/23 20:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014/07/23 20:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/07/23 20:19:10 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\terminpt.sys
[2014/07/23 20:19:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/07/23 20:18:59 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/07/23 20:18:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/07/23 20:18:57 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/07/22 09:38:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/12/21 12:59:53 | 004,216,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\vcredist.exe
========== Files - Modified Within 7 Days ==========
[2014/07/25 22:19:48 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/07/25 22:17:11 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/25 21:53:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rado\Desktop\OTL.exe
[2014/07/25 21:51:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/25 20:30:07 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/25 20:30:07 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/25 20:22:36 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/25 20:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/25 13:24:29 | 001,751,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/25 13:24:29 | 000,660,758 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014/07/25 13:24:29 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/25 13:24:29 | 000,144,580 | ---- | M] () -- C:\Windows\SysNative\perfh01B.dat
[2014/07/25 13:24:29 | 000,141,408 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014/07/25 13:24:29 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/25 13:24:29 | 000,036,678 | ---- | M] () -- C:\Windows\SysNative\perfc01B.dat
[2014/07/24 21:49:35 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/07/24 21:17:17 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/24 21:17:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/24 18:54:48 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/07/23 21:56:43 | 000,157,805 | -H-- | M] () -- C:\treeinfo.wc
[2014/07/21 22:59:22 | 000,007,666 | ---- | M] () -- C:\Users\rado\AppData\Local\Resmon.ResmonCfg
[2014/07/20 16:32:21 | 000,000,222 | ---- | M] () -- C:\Users\rado\Desktop\HAWKEN.url
========== Files Created - No Company Name ==========
[2014/07/25 22:19:48 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/07/24 21:49:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/07/24 21:49:35 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/07/24 21:17:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/24 18:54:48 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/07/24 18:54:48 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/07/24 13:42:15 | 003,467,927 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/07/20 16:32:20 | 000,000,222 | ---- | C] () -- C:\Users\rado\Desktop\HAWKEN.url
[2014/04/28 22:37:44 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/04/28 22:37:44 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/02/14 22:30:24 | 000,001,096 | ---- | C] () -- C:\Users\rado\AppData\Local\SRDownloader.nast
[2014/02/14 22:25:36 | 000,000,066 | ---- | C] () -- C:\Users\rado\AppData\Local\SRDownloader.err
[2014/02/14 22:19:07 | 000,001,072 | ---- | C] () -- C:\Users\rado\AppData\Local\sharerapid-download-manager.nast
[2014/02/14 22:18:24 | 000,000,262 | ---- | C] () -- C:\Users\rado\AppData\Local\sharerapid-download-manager.err
[2013/11/12 09:57:58 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/06/17 19:19:57 | 000,000,111 | ---- | C] () -- C:\Users\rado\AppData\Roaming\profiles.ini
[2013/05/23 18:44:22 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/05/08 08:58:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2013/04/17 18:58:21 | 000,005,120 | ---- | C] () -- C:\Users\rado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/23 23:49:11 | 001,710,010 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/15 01:50:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/12/18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/12/18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/12/02 17:34:23 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/12/02 12:13:48 | 000,007,666 | ---- | C] () -- C:\Users\rado\AppData\Local\Resmon.ResmonCfg
[2012/10/03 15:15:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/09/01 23:02:18 | 000,306,688 | ---- | C] () -- C:\Windows\unarc.dll
[2012/08/29 21:53:50 | 000,000,269 | ---- | C] () -- C:\Windows\dll-download-system.com.URL
[2012/08/29 21:34:25 | 000,306,688 | ---- | C] () -- C:\Windows\SysWow64\unarc.dll
[2012/08/24 18:48:27 | 000,298,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/24 18:47:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/23 15:59:40 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/07/18 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\.mono
[2014/07/24 16:51:40 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\BitTorrent
[2014/07/15 17:23:24 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Carbon
[2013/08/06 11:35:30 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Crash Reports
[2014/07/25 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DAEMON Tools Lite
[2013/04/09 19:39:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DriverCure
[2012/12/07 08:59:23 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DVDVideoSoft
[2012/10/03 15:19:16 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ESET
[2012/08/25 22:05:36 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GetRightToGo
[2014/07/20 15:09:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GHISLER
[2013/07/31 12:44:05 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GoforFiles
[2012/08/24 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GrabPro
[2013/10/26 11:40:17 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\IObit
[2013/01/31 10:32:57 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Mikrotik
[2012/10/13 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\OpenOffice.org
[2013/07/31 21:00:38 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Opera
[2014/07/14 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Orbit
[2013/06/17 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Profiles
[2012/08/24 16:40:37 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ProgSense
[2014/05/15 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\TeamViewer
[2013/10/13 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\TS3Client
[2013/02/13 16:08:38 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ts3overlay
[2014/03/17 13:19:23 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Unity
[2012/10/15 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ValuSoft
Re: please help
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,502 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/12/18 09:40:53 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/12/18 09:40:56 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/07/24 21:17:19 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< >
< %systemroot%*.* /U /s >
[14 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[37 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\ei_temp\*.tmp files -> C:\Windows\ei_temp\*.tmp -> ]
[113 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp -> ]
[1 C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2014/07/18 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\.mono
[2014/07/24 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Adobe
[2012/08/25 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Ahead
[2014/07/24 16:51:40 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\BitTorrent
[2014/07/15 17:23:24 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Carbon
[2013/08/06 11:35:30 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Crash Reports
[2014/07/25 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DAEMON Tools Lite
[2013/04/09 19:39:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DriverCure
[2012/12/07 08:59:23 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DVDVideoSoft
[2012/10/03 15:19:16 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ESET
[2012/08/25 22:05:36 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GetRightToGo
[2014/07/20 15:09:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GHISLER
[2013/07/31 12:44:05 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GoforFiles
[2012/08/24 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GrabPro
[2012/08/22 15:29:50 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Identities
[2013/10/26 11:40:17 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\IObit
[2014/07/24 21:17:33 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Macromedia
[2010/11/21 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Media Center Programs
[2014/07/23 22:09:38 | 000,000,000 | --SD | M] -- C:\Users\rado\AppData\Roaming\Microsoft
[2013/01/31 10:32:57 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Mikrotik
[2014/06/11 02:02:29 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Mozilla
[2012/08/26 11:49:19 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Nero
[2014/07/25 21:42:43 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\NVIDIA
[2012/10/13 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\OpenOffice.org
[2013/07/31 21:00:38 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Opera
[2014/07/14 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Orbit
[2013/06/17 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Profiles
[2012/08/24 16:40:37 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ProgSense
[2013/03/23 16:46:53 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Real
[2013/03/22 10:53:59 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\RealNetworks
[2014/05/16 17:47:54 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Skype
[2014/05/15 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\TeamViewer
[2013/10/13 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\TS3Client
[2013/02/13 16:08:38 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ts3overlay
[2014/03/17 13:19:23 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Unity
[2012/10/15 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ValuSoft
[2014/07/25 13:20:10 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\vlc
[2014/07/14 15:35:54 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Winamp
[2012/09/02 19:14:50 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2014/07/05 14:57:31 | 001,267,032 | ---- | M] (BitTorrent Inc.) -- C:\Users\rado\AppData\Roaming\BitTorrent\BitTorrent.exe
[2014/02/03 14:49:39 | 000,900,696 | ---- | M] (BitTorrent Inc.) -- C:\Users\rado\AppData\Roaming\BitTorrent\updates\7.8.2_30489.exe
[2014/06/21 18:39:01 | 001,241,168 | ---- | M] (BitTorrent Inc.) -- C:\Users\rado\AppData\Roaming\BitTorrent\updates\7.9.1_31396.exe
[2014/07/05 14:57:31 | 001,267,032 | ---- | M] (BitTorrent Inc.) -- C:\Users\rado\AppData\Roaming\BitTorrent\updates\7.9.2_32128.exe
[2014/07/15 17:14:22 | 013,994,664 | ---- | M] () -- C:\Users\rado\AppData\Roaming\Carbon\AirMech\AirMech.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014/07/25 23:51:21 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/07/25 20:22:36 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/07/26 00:17:12 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/07/24 21:17:17 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014/07/24 21:17:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2012/04/11 11:54:22 | 003,672,384 | ---- | M] (DT Soft Ltd)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014/06/11 13:32:32 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=B1E01D636350983E94171E229C759468 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014/06/20 21:39:54 | 000,812,216 | ---- | M] (Microsoft Corporation) MD5=CD900EFB4F8946A2BB1950D9F45915C2 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014/07/15 11:24:50 | 000,860,488 | ---- | M] (Google Inc.) MD5=B43E68B8A022FB00FF54360D408E871B -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/07/25 22:19:48 | 000,000,512 | ---- | M] () MD5=E8F17D9C62FAE8566B2F877A0FF3D8B8 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2013/12/06 15:04:46 | 000,000,979 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fexplicite-art-blog.com%2Finthecrack%2Fjennifer%2F06.png
[2013/12/06 15:04:56 | 000,001,002 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fexplicite-art-blog.com%2Finthecrack%2Fjennifer%2F07.png
[2014/01/24 16:07:03 | 000,000,985 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fexplicite-art-blog.com%2Finthecrack%2Fliz-honey%2F12.png
[2014/03/05 10:34:45 | 000,000,956 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fexplicite-art-blog.com%2Finthecrack%2Fnatasha%2F04.png
[2014/01/23 20:45:34 | 000,000,994 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fwww.jesuslovesporn.net%2Fsource_galleries%2Finthecrack-795-cassie-laine%2F14.png
[2014/01/23 20:45:24 | 000,000,963 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fwww.jesuslovesporn.net%2Fsource_galleries%2Finthecrack-795-cassie-laine%2F15.png
[2012/10/04 18:31:44 | 000,008,438 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\Borderlands 2 Crack Only Fixed-3DM.torrent
[2013/02/20 11:34:26 | 000,005,952 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\CCleaner Professional and Business Edition 3.27.1900 Incl Crack.torrent
[2013/11/04 22:48:05 | 000,036,820 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\How.to.Survive.Cracked-P2PGAMES.torrent
[2013/07/26 17:36:27 | 000,012,476 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\Minecraft-1.6.2---Cracked-Gajdy.exe.torrent
[2013/10/11 14:32:19 | 000,015,450 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\Worms.Reloaded.v1.0.0.476.multi8.cracked.READ.NFO-THETA.torrent
[2014/07/09 11:41:04 | 000,000,703 | ---- | M] () -- \Users\rado\AppData\Roaming\Microsoft\Windows\Recent\Darkstar.One.CRACKFIX-RELOADED.lnk
< *keygen* /s >
[2012/08/25 21:00:13 | 000,015,146 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\Nero 7 Premium 7.8.5.0 CZ + keygen.rar.torrent
< *loader* /s >
[2014/02/05 11:31:23 | 001,169,184 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience\ExtensionLoader.dll
[2013/11/29 18:55:28 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331GameReadyDriver\ExtensionLoader.dll
[2013/12/10 04:13:27 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331Game-Ready-Driver\ExtensionLoader.dll
[2013/11/14 13:56:55 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331GameReadyDriver\GFExperience\ExtensionLoader.dll
[2013/12/10 04:15:46 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331Game-Ready-Driver\GFExperience\ExtensionLoader.dll
[2013/10/04 08:41:02 | 000,000,194 | ---- | M] () -- \Program Files (x86)\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2013/07/25 04:43:28 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013/07/25 04:43:30 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2013/07/25 04:43:12 | 000,073,024 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013/07/25 04:43:12 | 000,080,704 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2012/08/13 10:52:58 | 000,006,081 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.py
[2012/08/10 16:50:58 | 000,020,992 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2012/08/13 11:04:18 | 000,000,171 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2012/08/10 16:50:54 | 000,029,696 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2012/08/13 10:12:36 | 000,003,868 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\java\unoloader.jar
[2013/10/23 22:07:40 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2012/11/27 15:39:24 | 000,042,548 | ---- | M] () -- \Program Files (x86)\Unity\MonoDevelop\bin\gdk-pixbuf-query-loaders.exe
[2014/01/08 15:40:42 | 000,002,992 | ---- | M] () -- \Program Files (x86)\Unity\MonoDevelop\etc\gtk-2.0\gdk-pixbuf.loaders
[2013/05/16 16:41:22 | 001,152,288 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{0293DC07-8EF6-4FE4-AD03-650CD0E77996}\ExtensionLoader.dll
[2013/10/18 03:34:40 | 001,168,672 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{F89FE3B2-F001-4734-B04C-DE54B4F6D7D1}\ExtensionLoader.dll
[2013/11/15 21:39:04 | 000,021,519 | ---- | M] () -- \ProgramData\IObit\ASCDownloader\Downloader.log
[2013/11/15 21:39:04 | 000,021,519 | ---- | M] () -- \Users\All Users\IObit\ASCDownloader\Downloader.log
[2014/02/14 22:25:36 | 000,000,066 | ---- | M] () -- \Users\rado\AppData\Local\SRDownloader.err
[2014/02/14 23:14:56 | 000,001,096 | ---- | M] () -- \Users\rado\AppData\Local\SRDownloader.nast
[2012/08/29 22:10:58 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2012/08/29 22:10:58 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2012/08/29 22:10:58 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012/08/29 22:10:59 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2012/08/29 22:10:59 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2012/08/29 22:10:59 | 000,061,770 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2012/08/29 22:11:00 | 000,061,770 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2014/04/10 18:42:37 | 000,000,706 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fwww.orbitdownloader.com%2Ffavicon.png
[2014/04/10 18:42:37 | 000,000,095 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\www.orbitdownloader.com.idx
[2014/01/28 19:35:56 | 000,072,638 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/01/28 19:35:56 | 000,003,032 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\loader.png
[2014/01/28 19:35:56 | 000,006,012 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/01/28 19:35:56 | 000,021,956 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/01/28 19:35:56 | 000,009,772 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/07/22 09:28:10 | 000,000,561 | ---- | M] () -- \Users\rado\AppData\Roaming\Microsoft\Windows\Recent\gameloader.dcr.lnk
[2014/07/14 15:36:37 | 000,022,486 | ---- | M] () -- \Users\rado\AppData\Roaming\Orbit\icon\Orbit Downloader.ico
[2014/05/28 18:26:00 | 000,001,664 | ---- | M] () -- \Users\rado\AppData\Roaming\Unity\WebPlayerPrefs\files_2edeadfrontier_2ecom\prefdeadfrontier-df3d-deadfrontierloader_2eunity3d.upp
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
========== Custom Scans ==========
< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,502 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/12/18 09:40:53 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/12/18 09:40:56 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/07/24 21:17:19 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: ATAPI.SYS >
< MD5 for: AUTOCHK.EXE >
< MD5 for: CDROM.SYS >
< MD5 for: EXPLORER.EXE >
< MD5 for: HAL.DLL >
< MD5 for: SCECLI.DLL >
< MD5 for: SERVICES.EXE >
< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2014/04/05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014/04/05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2012/10/03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013/09/08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014/04/05 04:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010/11/21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/09/07 04:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012/10/03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/11/26 13:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
< >
< %systemroot%*.* /U /s >
[14 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[37 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\ei_temp\*.tmp files -> C:\Windows\ei_temp\*.tmp -> ]
[113 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp -> ]
[1 C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2014/07/18 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\.mono
[2014/07/24 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Adobe
[2012/08/25 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Ahead
[2014/07/24 16:51:40 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\BitTorrent
[2014/07/15 17:23:24 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Carbon
[2013/08/06 11:35:30 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Crash Reports
[2014/07/25 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DAEMON Tools Lite
[2013/04/09 19:39:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DriverCure
[2012/12/07 08:59:23 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\DVDVideoSoft
[2012/10/03 15:19:16 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ESET
[2012/08/25 22:05:36 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GetRightToGo
[2014/07/20 15:09:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GHISLER
[2013/07/31 12:44:05 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GoforFiles
[2012/08/24 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\GrabPro
[2012/08/22 15:29:50 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Identities
[2013/10/26 11:40:17 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\IObit
[2014/07/24 21:17:33 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Macromedia
[2010/11/21 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Media Center Programs
[2014/07/23 22:09:38 | 000,000,000 | --SD | M] -- C:\Users\rado\AppData\Roaming\Microsoft
[2013/01/31 10:32:57 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Mikrotik
[2014/06/11 02:02:29 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Mozilla
[2012/08/26 11:49:19 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Nero
[2014/07/25 21:42:43 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\NVIDIA
[2012/10/13 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\OpenOffice.org
[2013/07/31 21:00:38 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Opera
[2014/07/14 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Orbit
[2013/06/17 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Profiles
[2012/08/24 16:40:37 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ProgSense
[2013/03/23 16:46:53 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Real
[2013/03/22 10:53:59 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\RealNetworks
[2014/05/16 17:47:54 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Skype
[2014/05/15 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\TeamViewer
[2013/10/13 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\TS3Client
[2013/02/13 16:08:38 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ts3overlay
[2014/03/17 13:19:23 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Unity
[2012/10/15 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\ValuSoft
[2014/07/25 13:20:10 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\vlc
[2014/07/14 15:35:54 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\Winamp
[2012/09/02 19:14:50 | 000,000,000 | ---D | M] -- C:\Users\rado\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2014/07/05 14:57:31 | 001,267,032 | ---- | M] (BitTorrent Inc.) -- C:\Users\rado\AppData\Roaming\BitTorrent\BitTorrent.exe
[2014/02/03 14:49:39 | 000,900,696 | ---- | M] (BitTorrent Inc.) -- C:\Users\rado\AppData\Roaming\BitTorrent\updates\7.8.2_30489.exe
[2014/06/21 18:39:01 | 001,241,168 | ---- | M] (BitTorrent Inc.) -- C:\Users\rado\AppData\Roaming\BitTorrent\updates\7.9.1_31396.exe
[2014/07/05 14:57:31 | 001,267,032 | ---- | M] (BitTorrent Inc.) -- C:\Users\rado\AppData\Roaming\BitTorrent\updates\7.9.2_32128.exe
[2014/07/15 17:14:22 | 013,994,664 | ---- | M] () -- C:\Users\rado\AppData\Roaming\Carbon\AirMech\AirMech.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014/07/25 23:51:21 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/07/25 20:22:36 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/07/26 00:17:12 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/07/24 21:17:17 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014/07/24 21:17:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2012/04/11 11:54:22 | 003,672,384 | ---- | M] (DT Soft Ltd)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014/06/11 13:32:32 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=B1E01D636350983E94171E229C759468 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014/06/20 21:39:54 | 000,812,216 | ---- | M] (Microsoft Corporation) MD5=CD900EFB4F8946A2BB1950D9F45915C2 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014/07/15 11:24:50 | 000,860,488 | ---- | M] (Google Inc.) MD5=B43E68B8A022FB00FF54360D408E871B -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/07/25 22:19:48 | 000,000,512 | ---- | M] () MD5=E8F17D9C62FAE8566B2F877A0FF3D8B8 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2013/12/06 15:04:46 | 000,000,979 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fexplicite-art-blog.com%2Finthecrack%2Fjennifer%2F06.png
[2013/12/06 15:04:56 | 000,001,002 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fexplicite-art-blog.com%2Finthecrack%2Fjennifer%2F07.png
[2014/01/24 16:07:03 | 000,000,985 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fexplicite-art-blog.com%2Finthecrack%2Fliz-honey%2F12.png
[2014/03/05 10:34:45 | 000,000,956 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fexplicite-art-blog.com%2Finthecrack%2Fnatasha%2F04.png
[2014/01/23 20:45:34 | 000,000,994 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fwww.jesuslovesporn.net%2Fsource_galleries%2Finthecrack-795-cassie-laine%2F14.png
[2014/01/23 20:45:24 | 000,000,963 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fwww.jesuslovesporn.net%2Fsource_galleries%2Finthecrack-795-cassie-laine%2F15.png
[2012/10/04 18:31:44 | 000,008,438 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\Borderlands 2 Crack Only Fixed-3DM.torrent
[2013/02/20 11:34:26 | 000,005,952 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\CCleaner Professional and Business Edition 3.27.1900 Incl Crack.torrent
[2013/11/04 22:48:05 | 000,036,820 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\How.to.Survive.Cracked-P2PGAMES.torrent
[2013/07/26 17:36:27 | 000,012,476 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\Minecraft-1.6.2---Cracked-Gajdy.exe.torrent
[2013/10/11 14:32:19 | 000,015,450 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\Worms.Reloaded.v1.0.0.476.multi8.cracked.READ.NFO-THETA.torrent
[2014/07/09 11:41:04 | 000,000,703 | ---- | M] () -- \Users\rado\AppData\Roaming\Microsoft\Windows\Recent\Darkstar.One.CRACKFIX-RELOADED.lnk
< *keygen* /s >
[2012/08/25 21:00:13 | 000,015,146 | ---- | M] () -- \Users\rado\AppData\Roaming\BitTorrent\Nero 7 Premium 7.8.5.0 CZ + keygen.rar.torrent
< *loader* /s >
[2014/02/05 11:31:23 | 001,169,184 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience\ExtensionLoader.dll
[2013/11/29 18:55:28 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331GameReadyDriver\ExtensionLoader.dll
[2013/12/10 04:13:27 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331Game-Ready-Driver\ExtensionLoader.dll
[2013/11/14 13:56:55 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331GameReadyDriver\GFExperience\ExtensionLoader.dll
[2013/12/10 04:15:46 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331Game-Ready-Driver\GFExperience\ExtensionLoader.dll
[2013/10/04 08:41:02 | 000,000,194 | ---- | M] () -- \Program Files (x86)\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2013/07/25 04:43:28 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013/07/25 04:43:30 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2013/07/25 04:43:12 | 000,073,024 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013/07/25 04:43:12 | 000,080,704 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2012/08/13 10:52:58 | 000,006,081 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.py
[2012/08/10 16:50:58 | 000,020,992 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2012/08/13 11:04:18 | 000,000,171 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2012/08/10 16:50:54 | 000,029,696 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2012/08/13 10:12:36 | 000,003,868 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\java\unoloader.jar
[2013/10/23 22:07:40 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2012/11/27 15:39:24 | 000,042,548 | ---- | M] () -- \Program Files (x86)\Unity\MonoDevelop\bin\gdk-pixbuf-query-loaders.exe
[2014/01/08 15:40:42 | 000,002,992 | ---- | M] () -- \Program Files (x86)\Unity\MonoDevelop\etc\gtk-2.0\gdk-pixbuf.loaders
[2013/05/16 16:41:22 | 001,152,288 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{0293DC07-8EF6-4FE4-AD03-650CD0E77996}\ExtensionLoader.dll
[2013/10/18 03:34:40 | 001,168,672 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{F89FE3B2-F001-4734-B04C-DE54B4F6D7D1}\ExtensionLoader.dll
[2013/11/15 21:39:04 | 000,021,519 | ---- | M] () -- \ProgramData\IObit\ASCDownloader\Downloader.log
[2013/11/15 21:39:04 | 000,021,519 | ---- | M] () -- \Users\All Users\IObit\ASCDownloader\Downloader.log
[2014/02/14 22:25:36 | 000,000,066 | ---- | M] () -- \Users\rado\AppData\Local\SRDownloader.err
[2014/02/14 23:14:56 | 000,001,096 | ---- | M] () -- \Users\rado\AppData\Local\SRDownloader.nast
[2012/08/29 22:10:58 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2012/08/29 22:10:58 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2012/08/29 22:10:58 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012/08/29 22:10:59 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2012/08/29 22:10:59 | 000,057,728 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2012/08/29 22:10:59 | 000,061,770 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2012/08/29 22:11:00 | 000,061,770 | ---- | M] () -- \Users\rado\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2014/04/10 18:42:37 | 000,000,706 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\http%3A%2F%2Fwww.orbitdownloader.com%2Ffavicon.png
[2014/04/10 18:42:37 | 000,000,095 | ---- | M] () -- \Users\rado\AppData\Local\Opera\Opera x64\icons\www.orbitdownloader.com.idx
[2014/01/28 19:35:56 | 000,072,638 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/01/28 19:35:56 | 000,003,032 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\loader.png
[2014/01/28 19:35:56 | 000,006,012 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/01/28 19:35:56 | 000,021,956 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/01/28 19:35:56 | 000,009,772 | ---- | M] () -- \Users\rado\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/07/22 09:28:10 | 000,000,561 | ---- | M] () -- \Users\rado\AppData\Roaming\Microsoft\Windows\Recent\gameloader.dcr.lnk
[2014/07/14 15:36:37 | 000,022,486 | ---- | M] () -- \Users\rado\AppData\Roaming\Orbit\icon\Orbit Downloader.ico
[2014/05/28 18:26:00 | 000,001,664 | ---- | M] () -- \Users\rado\AppData\Roaming\Unity\WebPlayerPrefs\files_2edeadfrontier_2ecom\prefdeadfrontier-df3d-deadfrontierloader_2eunity3d.upp
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
Re: Please help
OTL Extras logfile created on: 25. 7. 2014 21:56:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rado\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,00 Gb Total Physical Memory | 0,55 Gb Available Physical Memory | 27,41% Memory free
4,00 Gb Paging File | 1,58 Gb Available in Paging File | 39,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 57,01 Gb Total Space | 16,03 Gb Free Space | 28,13% Space Free | Partition Type: NTFS
Drive D: | 175,78 Gb Total Space | 73,97 Gb Free Space | 42,08% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 69,25 Mb Free Space | 69,25% Space Free | Partition Type: NTFS
Drive M: | 4,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 19,08 Gb Total Space | 16,95 Gb Free Space | 88,84% Space Free | Partition Type: NTFS
Computer Name: RADO-PC | User Name: rado | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CB58FF-1570-4953-AE69-E1B49C9E6873}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{04D9B04F-288C-4F86-B579-A365291EF4D5}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{0966523C-854D-4745-B6DA-F81D622EEF8A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0F485599-69A6-4E97-A630-AFBEAE3A1D84}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{1762CC0B-FDBD-455E-854B-C635145766C7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18394306-FCB3-43DD-8BA2-65887A29E40D}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{1C6D7036-1939-4810-A516-D83EA328B088}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{1C883092-F419-413E-AC6A-DE87129D4A38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{27E340A7-CCAB-413A-822C-155B151AE332}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2F7FA151-359B-44C9-9EA9-7837B622064F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3257C718-58C7-423E-A069-4E479EE2B74E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32DD19A2-D6E3-4127-80A7-A8E970D11EC2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{341C374D-0B79-4A22-A5EE-D5C3BAE77B85}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{38545ACD-ECC6-4211-9670-FAD5F5F1313C}" = rport=137 | protocol=17 | dir=out | app=system |
"{386EE6AB-A4AF-4401-BD16-C7F29F73D786}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AC5FE67-D61F-4A7E-9D9A-70B3640E9CBA}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{4A9FBE77-81EB-475A-8D77-BECD907DDCA9}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{515ED2B3-B3F8-4EFA-9781-0496BD6F59B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{524D6953-1F49-48E3-BACD-11AF528B4C2F}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{52A0C85D-482D-4820-9D91-7E23DBE0E86C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{548A7BF9-A86C-45AD-9088-2B6C55EFE560}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{548B2425-C1C2-4BEE-850A-8B3ED22957AE}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{59F26E94-CF78-418F-A75C-10FC2F725294}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60A03E30-B1AC-45C9-9BA2-C54C96F46730}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{6429657B-60E0-4E10-B8CF-FC39E662375D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6586F844-17A1-4B97-B1A6-CB657C2DB78A}" = lport=137 | protocol=17 | dir=in | app=system |
"{766FB6E0-879C-4AF8-9AEE-D352A863C2CD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{7729B626-E43B-4E38-852C-12BEDEB98F7E}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{7B0183C1-8B16-4FCC-A96B-925C793A974E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87EBB342-63FA-4BBF-9E29-53BE3C931D9A}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{8B87B95D-6048-4B1C-BCF1-610456C49052}" = rport=139 | protocol=6 | dir=out | app=system |
"{94AAE68B-6675-41FA-AE3D-7B946211784A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{94DABAC9-515E-4495-9FBC-ED8EFB027704}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{95843A1E-491B-423F-9D0B-C3FDDE91A9C9}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{98EEE278-81B1-4353-A6F9-4693E3E56FE5}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{A3D0EEB3-EBE4-4911-90D3-36AC0BF688A5}" = rport=445 | protocol=6 | dir=out | app=system |
"{AAE4D37F-F133-4352-AA5C-53065AA9FFA4}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{ADF858D3-15A1-4426-A7A0-C8CC5CAE461F}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA033737-B239-4FB2-90A8-2008137A5EF5}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{BFFC559C-C9CC-43C7-9449-F86270026790}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{C04BBEEC-27D4-411A-B09B-7D23D8F4F221}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{C50E541E-283C-40AC-823B-3057FC31A3B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB58CC5B-DF72-449A-9518-84CB61C03DBC}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CC2E9D6C-8C8E-4C8F-B7CB-323D6B0C583E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD362F50-E0CF-4A2C-9062-01A982B8DB03}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{DA24F28B-A9E4-4615-BDED-A536CC10CE50}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{DFCEFD32-1A35-4F26-B920-D5B0F9603639}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{E2FDFC1D-CCAC-414B-83AB-1A6517FA7D9E}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{E5502946-A5A9-4A3D-B5F4-973CCCC97589}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E65B36BA-A241-46A9-83DB-2A36792A1953}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2EDA758-4970-4AD1-AB2B-2A2B92255501}" = lport=445 | protocol=6 | dir=in | app=system |
"{F69512B5-ED2F-4501-905D-ACD0ED7269C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FAEB9CF0-DAC3-4249-88BD-BA85913695DE}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FCDCFBA8-F9DB-4347-A256-51E9B2BECB1B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{FF45D889-386B-4712-ADA6-7CEA3B9ADC70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0794F371-CE15-4068-B12D-950D73DB350F}" = protocol=17 | dir=in | app=d:\program files\diablo iii\diablo iii.exe |
"{0BFC56E2-B1A0-4B76-B6B0-65482AA641C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{127412D6-2E26-4330-9A06-5D8D22AED040}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{17641FAD-BB8A-420D-A4E2-24172F6EF8F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D3D5C5D-EB9D-4249-9388-A66899722D09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{201DF79F-4590-4B9D-B081-5200D9C2CEED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21AE0481-D231-4937-A994-9A62B7B866BC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{29287B35-9F69-4214-A207-250ADA2891E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2ACF439B-D30F-4470-A1CD-7B742D61A399}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2BBBBE8E-FA20-47DE-A345-249CA21BB537}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2E1D411C-A0D7-4BC9-89E1-41F46F2CCFF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F14C1AF-252F-48AD-8DA2-0B093EE209D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31349307-DF05-46E3-AA2E-527C4D210568}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3402BF9B-FE22-449C-8309-F37C94CEDC04}" = protocol=6 | dir=in | app=d:\program files\diablo iii\diablo iii.exe |
"{41D84267-79C1-42F6-B8A0-B2F65C79CB91}" = protocol=17 | dir=in | app=d:\pok\steamapps\common\star conflict\game.exe |
"{435A3F69-C2F8-417E-8115-A5563C27260D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{44F5AF21-C364-43B0-B930-B97D4C48EC4D}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{4896F408-5DBD-4FAB-8C01-02FC70608663}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D258C79-3BC3-40C9-904B-50F0B86EE1EF}" = protocol=17 | dir=in | app=d:\pok\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{54350106-E702-4829-8515-8EF3DB6A2909}" = protocol=6 | dir=in | app=d:\pok\steamapps\common\star conflict\game.exe |
"{57D08275-4513-4530-89CF-C08F5AC0A24A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{58ABD415-1266-4E94-B38B-9549BA9A6472}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A6D560D-01E6-4347-A1DC-028CCA064A97}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{5CDBEB73-8FF7-4133-AF04-7F0A04C06CBB}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe |
"{5DB60DD8-A39F-40D7-A0F1-80F8C0ADF5B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FEA87EA-17F7-4D4F-9C90-42E2BEBE7D96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{60C95548-585C-4E1F-BD9F-8A96BE2CF8E2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{638DC47F-9E9F-4DC3-9606-CB99F61B4246}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{68C902CB-B032-4B2F-86AC-718AC796FFED}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{763661A7-47D3-450F-B079-1A3797BF4712}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{78033E95-C2E9-4B69-8744-505A73DDA5F7}" = protocol=17 | dir=in | app=c:\users\rado\appdata\roaming\bittorrent\bittorrent.exe |
"{7E74F6D6-463E-4173-9313-BFBBE0EE9BE1}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{828CEEF8-B7C8-4BC0-9C82-52C0092A4515}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe |
"{83E10822-A22A-4AA6-B1EF-020185C0D501}" = protocol=17 | dir=in | app=d:\pok\steamapps\common\jagged alliance online\jao.exe |
"{8C5061B2-DC5B-4991-9DD3-906F7EFCFF47}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9EEAF132-45B1-485B-8AEF-7F1B3C4D8642}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{A06507DE-8470-4AD8-AA63-CE85B39D0170}" = protocol=6 | dir=out | app=system |
"{A7D6374D-E492-472E-B3ED-7B0E46389941}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{AA204E17-F971-4FD6-B7BB-0B3BB93714F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{B7B56204-FFA8-418F-8B9A-A12FBBA92B86}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B7B88F1F-30F3-4725-9DDD-6B47BA6ECF11}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{BB83870A-C52C-4B52-A8CD-483A2845EF59}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{BEC42F80-FE22-4C90-81B9-F08DB143942B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C2CF4F47-5CF3-4716-A804-05CE5B94E6E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C466EB5C-D92A-4B4F-98F8-DD4F4BD15A46}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{C5DAEA83-6928-4437-A7A2-83A091DDBB70}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C609D1B4-C922-4F3F-A3DD-E5A5E13C7FC6}" = protocol=6 | dir=in | app=c:\users\rado\appdata\roaming\bittorrent\bittorrent.exe |
"{C77B58E6-82F9-438F-BA27-4E0D257DAC17}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D9299B99-FF15-43E9-92CE-18D69F10F604}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{DC6A16FD-39B6-4595-B263-1A35EBBB306A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E05958F2-7F3E-43EE-8AB8-17544CF6B6AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E69189FE-6421-4861-B2D9-1A48704ACA96}" = protocol=6 | dir=in | app=d:\pok\steamapps\common\jagged alliance online\jao.exe |
"{EC2E4AC6-F59D-4621-99FE-7AD9B15F5525}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{F25C6B09-97D7-406F-940C-1065870F27CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F4719564-143C-4106-9B1F-BDCACE8B071F}" = protocol=6 | dir=in | app=d:\pok\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{F6394AA2-3CFF-4FC9-92B3-A16D7B8C3FD8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F98F8338-B570-47BB-A8CC-959BD2984F4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F9E0EEFB-B515-400E-8C4C-EE6951DC399B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{06865E99-FDAF-4A83-8020-43E87D6B9C3F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{3FCF288F-9773-4451-BA03-2B95ADD1B9F1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{6F3D1118-DBB9-4591-B4E2-751BC7D135DB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{7B364442-B384-42E3-AD5D-A280C63AECA5}D:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe" = protocol=6 | dir=in | app=d:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe |
"TCP Query User{8B10248B-DAE6-40C4-AFE2-3746337C67B0}D:\program files\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\program files\diablo iii\diablo iii.exe |
"TCP Query User{8C3C8A1A-26ED-489E-917C-753B5C4C6623}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{93FEC950-EB86-4644-8157-0208D57FC162}E:\program files\red 5 studios\firefall\system\bin\firefallclient.exe" = protocol=6 | dir=in | app=e:\program files\red 5 studios\firefall\system\bin\firefallclient.exe |
"TCP Query User{B1848687-78C9-4E4A-9C5D-80116105DB29}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{CF5F47CE-EDDB-44CE-BF63-AEC686336EAD}E:\rfonline\rfonlinecbt\rf_online.bin" = protocol=6 | dir=in | app=e:\rfonline\rfonlinecbt\rf_online.bin |
"TCP Query User{D1519F34-B9D3-4E9F-91AA-A82517114051}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{2FBAF9E8-794D-4AEC-944F-9EE5EC7B86B4}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{33692ACD-7DDC-457C-9CF2-92B6EAB8DC9B}E:\rfonline\rfonlinecbt\rf_online.bin" = protocol=17 | dir=in | app=e:\rfonline\rfonlinecbt\rf_online.bin |
"UDP Query User{35BF5E7D-E877-45C0-8F95-FCCE7235DBBF}D:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe" = protocol=17 | dir=in | app=d:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe |
"UDP Query User{46CFBE48-130F-4893-B521-D18BDD027D41}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{6AE664D8-4248-44D9-98AA-6D604E9C61C1}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{8CF8F0DF-2F53-4145-AD39-5C1BF06DFDF5}D:\program files\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\program files\diablo iii\diablo iii.exe |
"UDP Query User{9A29D80F-4ACC-45B8-8807-4F62BBA6CC46}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CB16C565-DD04-4168-A952-163925117CBE}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{E0D5D3E1-311B-44B5-BC6E-B95EC843691D}E:\program files\red 5 studios\firefall\system\bin\firefallclient.exe" = protocol=17 | dir=in | app=e:\program files\red 5 studios\firefall\system\bin\firefallclient.exe |
"UDP Query User{E801F562-7191-479C-899B-A76D9971911F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84CDA377-508A-41CC-B428-B4D02A060282}" = ESET Smart Security
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovládač zvuku HD 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"CCleaner" = CCleaner
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"Opera 12.17.1863" = Opera 12.17
"Speccy" = Speccy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1E0AF527-0B8E-4F8A-BA27-CB3C359998C6}" = OpenOffice.org 3.4.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ED7341F-1942-4623-A27C-9C4F3838172F}" = IObit Apps Toolbar v7.0
"{516A594B-FEFF-4521-B857-69809AB266FF}" = VC8&9 CRT and ATL
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A470330-70B2-49AD-86AF-79885EF9898A}" = FARO LS 1.1.501.0 (64bit)
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{91B33C97-54B3-9CEB-E911-246EDA9BDC9A}_is1" = Ashampoo Movie Studio v.1.0.4
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1051-7B44-AB0000000001}" = Adobe Reader XI - Slovak
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{CDE46766-A2BC-44FF-A781-D2C718336F65}" = Nexus: The Jupiter Incident
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"aTube Catcher" = aTube Catcher
"Avisynth" = AviSynth 2.5
"B1FreeArchiver" = B1 Free Archiver
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Google Chrome" = Google Chrome
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 30.0 (x86 sk)" = Mozilla Firefox 30.0 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenSCAD" = OpenSCAD (remove only)
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"Steam" = Steam
"Steam App 212070" = Star Conflict
"Steam App 218450" = Jagged Alliance Online - Steam Edition
"Steam App 271290" = HAWKEN
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 9" = TeamViewer 9
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"VidShot Capturer_is1" = VidShot Capturer
"VLC media player" = VLC media player 2.1.3
"WENPTUVuZW15V2l0aGlu_is1" = XCOM: Enemy Within
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24. 7. 2014 10:54:44 | Computer Name = rado-PC | Source = WinMgmt | ID = 10
Description =
Error - 24. 7. 2014 12:23:06 | Computer Name = rado-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: tvc.exe, verzia: 3.7.1.25667, časová značka: 0x4c6365b8
Názov chybového modulu: SDL.dll, verzia: 1.2.11.0, časová značka: 0x44a01654
Kód výnimky: 0xc0000005
Odstup chyby: 0x0002e625
Identifikácia chybného procesu: 0x7c4
Čas spustenia chybnej aplikácie: 0x01cfa75a4949bc3e
Cesta chybnej aplikácie: C:\Program Files (x86)\Total Video Converter\tvc.exe
Cesta chybného modulu: C:\Program Files (x86)\Total Video Converter\SDL.dll
Identifikácia hlásenia: ca8fcc13-134e-11e4-89cf-0015588f11c5
Error - 24. 7. 2014 14:29:05 | Computer Name = rado-PC | Source = Application Hang | ID = 1002
Description = The program SDScan.exe version 2.0.12.173 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 568
Start Time: 01cfa7604ebcf1e9
Termination Time: 70
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Report Id: 4de330d6-1360-11e4-89cf-0015588f11c5
Error - 24. 7. 2014 15:01:18 | Computer Name = rado-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: SDScan.exe, verzia: 2.0.12.173, časová značka: 0x50a24627
Názov chybového modulu: KERNELBASE.dll, verzia: 6.1.7601.18409, časová značka: 0x53159a86
Kód výnimky: 0x0eedfade
Odstup chyby: 0x0000c42d
Identifikácia chybného procesu: 0xc58
Čas spustenia chybnej aplikácie: 0x01cfa76d32db8480
Cesta chybnej aplikácie: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Cesta chybného modulu: C:\Windows\syswow64\KERNELBASE.dll
Identifikácia hlásenia: e4684fba-1364-11e4-89cf-0015588f11c5
Error - 25. 7. 2014 13:48:57 | Computer Name = rado-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path name validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0
Error - 25. 7. 2014 13:48:57 | Computer Name = rado-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path name validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0
Error - 25. 7. 2014 13:49:30 | Computer Name = rado-PC | Source = WinMgmt | ID = 10
Description =
Error - 25. 7. 2014 14:22:26 | Computer Name = rado-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path name validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0
Error - 25. 7. 2014 14:22:26 | Computer Name = rado-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path name validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0
Error - 25. 7. 2014 14:23:15 | Computer Name = rado-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 23. 7. 2014 14:32:00 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 23. 7. 2014 14:37:13 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7030
Description = Služba ESET Service je označená ako interaktívna služba. Systém je
však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 23. 7. 2014 19:24:20 | Computer Name = rado-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 24. 7. 2014 7:09:19 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 24. 7. 2014 7:28:49 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 24. 7. 2014 7:33:46 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7022
Description = Služba Windows Search sa pri spustení zablokovala.
Error - 24. 7. 2014 10:53:22 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 25. 7. 2014 13:49:16 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 25. 7. 2014 14:22:17 | Computer Name = rado-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:19:45 on 25. 7. 2014 was unexpected.
Error - 25. 7. 2014 14:22:40 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rado\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,00 Gb Total Physical Memory | 0,55 Gb Available Physical Memory | 27,41% Memory free
4,00 Gb Paging File | 1,58 Gb Available in Paging File | 39,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 57,01 Gb Total Space | 16,03 Gb Free Space | 28,13% Space Free | Partition Type: NTFS
Drive D: | 175,78 Gb Total Space | 73,97 Gb Free Space | 42,08% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 69,25 Mb Free Space | 69,25% Space Free | Partition Type: NTFS
Drive M: | 4,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 19,08 Gb Total Space | 16,95 Gb Free Space | 88,84% Space Free | Partition Type: NTFS
Computer Name: RADO-PC | User Name: rado | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CB58FF-1570-4953-AE69-E1B49C9E6873}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{04D9B04F-288C-4F86-B579-A365291EF4D5}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{0966523C-854D-4745-B6DA-F81D622EEF8A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0F485599-69A6-4E97-A630-AFBEAE3A1D84}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{1762CC0B-FDBD-455E-854B-C635145766C7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18394306-FCB3-43DD-8BA2-65887A29E40D}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{1C6D7036-1939-4810-A516-D83EA328B088}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{1C883092-F419-413E-AC6A-DE87129D4A38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{27E340A7-CCAB-413A-822C-155B151AE332}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2F7FA151-359B-44C9-9EA9-7837B622064F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3257C718-58C7-423E-A069-4E479EE2B74E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32DD19A2-D6E3-4127-80A7-A8E970D11EC2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{341C374D-0B79-4A22-A5EE-D5C3BAE77B85}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{38545ACD-ECC6-4211-9670-FAD5F5F1313C}" = rport=137 | protocol=17 | dir=out | app=system |
"{386EE6AB-A4AF-4401-BD16-C7F29F73D786}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AC5FE67-D61F-4A7E-9D9A-70B3640E9CBA}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{4A9FBE77-81EB-475A-8D77-BECD907DDCA9}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{515ED2B3-B3F8-4EFA-9781-0496BD6F59B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{524D6953-1F49-48E3-BACD-11AF528B4C2F}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{52A0C85D-482D-4820-9D91-7E23DBE0E86C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{548A7BF9-A86C-45AD-9088-2B6C55EFE560}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{548B2425-C1C2-4BEE-850A-8B3ED22957AE}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{59F26E94-CF78-418F-A75C-10FC2F725294}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60A03E30-B1AC-45C9-9BA2-C54C96F46730}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{6429657B-60E0-4E10-B8CF-FC39E662375D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6586F844-17A1-4B97-B1A6-CB657C2DB78A}" = lport=137 | protocol=17 | dir=in | app=system |
"{766FB6E0-879C-4AF8-9AEE-D352A863C2CD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{7729B626-E43B-4E38-852C-12BEDEB98F7E}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{7B0183C1-8B16-4FCC-A96B-925C793A974E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87EBB342-63FA-4BBF-9E29-53BE3C931D9A}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{8B87B95D-6048-4B1C-BCF1-610456C49052}" = rport=139 | protocol=6 | dir=out | app=system |
"{94AAE68B-6675-41FA-AE3D-7B946211784A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{94DABAC9-515E-4495-9FBC-ED8EFB027704}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{95843A1E-491B-423F-9D0B-C3FDDE91A9C9}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{98EEE278-81B1-4353-A6F9-4693E3E56FE5}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{A3D0EEB3-EBE4-4911-90D3-36AC0BF688A5}" = rport=445 | protocol=6 | dir=out | app=system |
"{AAE4D37F-F133-4352-AA5C-53065AA9FFA4}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{ADF858D3-15A1-4426-A7A0-C8CC5CAE461F}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA033737-B239-4FB2-90A8-2008137A5EF5}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{BFFC559C-C9CC-43C7-9449-F86270026790}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{C04BBEEC-27D4-411A-B09B-7D23D8F4F221}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{C50E541E-283C-40AC-823B-3057FC31A3B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB58CC5B-DF72-449A-9518-84CB61C03DBC}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CC2E9D6C-8C8E-4C8F-B7CB-323D6B0C583E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD362F50-E0CF-4A2C-9062-01A982B8DB03}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{DA24F28B-A9E4-4615-BDED-A536CC10CE50}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{DFCEFD32-1A35-4F26-B920-D5B0F9603639}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{E2FDFC1D-CCAC-414B-83AB-1A6517FA7D9E}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{E5502946-A5A9-4A3D-B5F4-973CCCC97589}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E65B36BA-A241-46A9-83DB-2A36792A1953}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2EDA758-4970-4AD1-AB2B-2A2B92255501}" = lport=445 | protocol=6 | dir=in | app=system |
"{F69512B5-ED2F-4501-905D-ACD0ED7269C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FAEB9CF0-DAC3-4249-88BD-BA85913695DE}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FCDCFBA8-F9DB-4347-A256-51E9B2BECB1B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{FF45D889-386B-4712-ADA6-7CEA3B9ADC70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0794F371-CE15-4068-B12D-950D73DB350F}" = protocol=17 | dir=in | app=d:\program files\diablo iii\diablo iii.exe |
"{0BFC56E2-B1A0-4B76-B6B0-65482AA641C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{127412D6-2E26-4330-9A06-5D8D22AED040}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{17641FAD-BB8A-420D-A4E2-24172F6EF8F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D3D5C5D-EB9D-4249-9388-A66899722D09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{201DF79F-4590-4B9D-B081-5200D9C2CEED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21AE0481-D231-4937-A994-9A62B7B866BC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{29287B35-9F69-4214-A207-250ADA2891E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2ACF439B-D30F-4470-A1CD-7B742D61A399}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2BBBBE8E-FA20-47DE-A345-249CA21BB537}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2E1D411C-A0D7-4BC9-89E1-41F46F2CCFF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F14C1AF-252F-48AD-8DA2-0B093EE209D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31349307-DF05-46E3-AA2E-527C4D210568}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3402BF9B-FE22-449C-8309-F37C94CEDC04}" = protocol=6 | dir=in | app=d:\program files\diablo iii\diablo iii.exe |
"{41D84267-79C1-42F6-B8A0-B2F65C79CB91}" = protocol=17 | dir=in | app=d:\pok\steamapps\common\star conflict\game.exe |
"{435A3F69-C2F8-417E-8115-A5563C27260D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{44F5AF21-C364-43B0-B930-B97D4C48EC4D}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{4896F408-5DBD-4FAB-8C01-02FC70608663}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D258C79-3BC3-40C9-904B-50F0B86EE1EF}" = protocol=17 | dir=in | app=d:\pok\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{54350106-E702-4829-8515-8EF3DB6A2909}" = protocol=6 | dir=in | app=d:\pok\steamapps\common\star conflict\game.exe |
"{57D08275-4513-4530-89CF-C08F5AC0A24A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{58ABD415-1266-4E94-B38B-9549BA9A6472}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A6D560D-01E6-4347-A1DC-028CCA064A97}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{5CDBEB73-8FF7-4133-AF04-7F0A04C06CBB}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe |
"{5DB60DD8-A39F-40D7-A0F1-80F8C0ADF5B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FEA87EA-17F7-4D4F-9C90-42E2BEBE7D96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{60C95548-585C-4E1F-BD9F-8A96BE2CF8E2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{638DC47F-9E9F-4DC3-9606-CB99F61B4246}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{68C902CB-B032-4B2F-86AC-718AC796FFED}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{763661A7-47D3-450F-B079-1A3797BF4712}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{78033E95-C2E9-4B69-8744-505A73DDA5F7}" = protocol=17 | dir=in | app=c:\users\rado\appdata\roaming\bittorrent\bittorrent.exe |
"{7E74F6D6-463E-4173-9313-BFBBE0EE9BE1}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{828CEEF8-B7C8-4BC0-9C82-52C0092A4515}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe |
"{83E10822-A22A-4AA6-B1EF-020185C0D501}" = protocol=17 | dir=in | app=d:\pok\steamapps\common\jagged alliance online\jao.exe |
"{8C5061B2-DC5B-4991-9DD3-906F7EFCFF47}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9EEAF132-45B1-485B-8AEF-7F1B3C4D8642}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{A06507DE-8470-4AD8-AA63-CE85B39D0170}" = protocol=6 | dir=out | app=system |
"{A7D6374D-E492-472E-B3ED-7B0E46389941}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{AA204E17-F971-4FD6-B7BB-0B3BB93714F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{B7B56204-FFA8-418F-8B9A-A12FBBA92B86}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B7B88F1F-30F3-4725-9DDD-6B47BA6ECF11}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{BB83870A-C52C-4B52-A8CD-483A2845EF59}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{BEC42F80-FE22-4C90-81B9-F08DB143942B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C2CF4F47-5CF3-4716-A804-05CE5B94E6E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C466EB5C-D92A-4B4F-98F8-DD4F4BD15A46}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{C5DAEA83-6928-4437-A7A2-83A091DDBB70}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C609D1B4-C922-4F3F-A3DD-E5A5E13C7FC6}" = protocol=6 | dir=in | app=c:\users\rado\appdata\roaming\bittorrent\bittorrent.exe |
"{C77B58E6-82F9-438F-BA27-4E0D257DAC17}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D9299B99-FF15-43E9-92CE-18D69F10F604}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{DC6A16FD-39B6-4595-B263-1A35EBBB306A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E05958F2-7F3E-43EE-8AB8-17544CF6B6AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E69189FE-6421-4861-B2D9-1A48704ACA96}" = protocol=6 | dir=in | app=d:\pok\steamapps\common\jagged alliance online\jao.exe |
"{EC2E4AC6-F59D-4621-99FE-7AD9B15F5525}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{F25C6B09-97D7-406F-940C-1065870F27CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F4719564-143C-4106-9B1F-BDCACE8B071F}" = protocol=6 | dir=in | app=d:\pok\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{F6394AA2-3CFF-4FC9-92B3-A16D7B8C3FD8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F98F8338-B570-47BB-A8CC-959BD2984F4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F9E0EEFB-B515-400E-8C4C-EE6951DC399B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{06865E99-FDAF-4A83-8020-43E87D6B9C3F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{3FCF288F-9773-4451-BA03-2B95ADD1B9F1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{6F3D1118-DBB9-4591-B4E2-751BC7D135DB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{7B364442-B384-42E3-AD5D-A280C63AECA5}D:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe" = protocol=6 | dir=in | app=d:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe |
"TCP Query User{8B10248B-DAE6-40C4-AFE2-3746337C67B0}D:\program files\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\program files\diablo iii\diablo iii.exe |
"TCP Query User{8C3C8A1A-26ED-489E-917C-753B5C4C6623}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{93FEC950-EB86-4644-8157-0208D57FC162}E:\program files\red 5 studios\firefall\system\bin\firefallclient.exe" = protocol=6 | dir=in | app=e:\program files\red 5 studios\firefall\system\bin\firefallclient.exe |
"TCP Query User{B1848687-78C9-4E4A-9C5D-80116105DB29}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{CF5F47CE-EDDB-44CE-BF63-AEC686336EAD}E:\rfonline\rfonlinecbt\rf_online.bin" = protocol=6 | dir=in | app=e:\rfonline\rfonlinecbt\rf_online.bin |
"TCP Query User{D1519F34-B9D3-4E9F-91AA-A82517114051}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{2FBAF9E8-794D-4AEC-944F-9EE5EC7B86B4}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{33692ACD-7DDC-457C-9CF2-92B6EAB8DC9B}E:\rfonline\rfonlinecbt\rf_online.bin" = protocol=17 | dir=in | app=e:\rfonline\rfonlinecbt\rf_online.bin |
"UDP Query User{35BF5E7D-E877-45C0-8F95-FCCE7235DBBF}D:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe" = protocol=17 | dir=in | app=d:\program files (x86)\xcom enemy within\xew\binaries\win32\xcomew.exe |
"UDP Query User{46CFBE48-130F-4893-B521-D18BDD027D41}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{6AE664D8-4248-44D9-98AA-6D604E9C61C1}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{8CF8F0DF-2F53-4145-AD39-5C1BF06DFDF5}D:\program files\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\program files\diablo iii\diablo iii.exe |
"UDP Query User{9A29D80F-4ACC-45B8-8807-4F62BBA6CC46}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CB16C565-DD04-4168-A952-163925117CBE}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{E0D5D3E1-311B-44B5-BC6E-B95EC843691D}E:\program files\red 5 studios\firefall\system\bin\firefallclient.exe" = protocol=17 | dir=in | app=e:\program files\red 5 studios\firefall\system\bin\firefallclient.exe |
"UDP Query User{E801F562-7191-479C-899B-A76D9971911F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84CDA377-508A-41CC-B428-B4D02A060282}" = ESET Smart Security
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovládač zvuku HD 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"CCleaner" = CCleaner
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"Opera 12.17.1863" = Opera 12.17
"Speccy" = Speccy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1E0AF527-0B8E-4F8A-BA27-CB3C359998C6}" = OpenOffice.org 3.4.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ED7341F-1942-4623-A27C-9C4F3838172F}" = IObit Apps Toolbar v7.0
"{516A594B-FEFF-4521-B857-69809AB266FF}" = VC8&9 CRT and ATL
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A470330-70B2-49AD-86AF-79885EF9898A}" = FARO LS 1.1.501.0 (64bit)
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{91B33C97-54B3-9CEB-E911-246EDA9BDC9A}_is1" = Ashampoo Movie Studio v.1.0.4
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1051-7B44-AB0000000001}" = Adobe Reader XI - Slovak
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{CDE46766-A2BC-44FF-A781-D2C718336F65}" = Nexus: The Jupiter Incident
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"aTube Catcher" = aTube Catcher
"Avisynth" = AviSynth 2.5
"B1FreeArchiver" = B1 Free Archiver
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Google Chrome" = Google Chrome
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 30.0 (x86 sk)" = Mozilla Firefox 30.0 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenSCAD" = OpenSCAD (remove only)
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"Steam" = Steam
"Steam App 212070" = Star Conflict
"Steam App 218450" = Jagged Alliance Online - Steam Edition
"Steam App 271290" = HAWKEN
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 9" = TeamViewer 9
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"VidShot Capturer_is1" = VidShot Capturer
"VLC media player" = VLC media player 2.1.3
"WENPTUVuZW15V2l0aGlu_is1" = XCOM: Enemy Within
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2103325229-1255119138-1366225161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24. 7. 2014 10:54:44 | Computer Name = rado-PC | Source = WinMgmt | ID = 10
Description =
Error - 24. 7. 2014 12:23:06 | Computer Name = rado-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: tvc.exe, verzia: 3.7.1.25667, časová značka:
0x4c6365b8 Názov chybového modulu: SDL.dll, verzia: 1.2.11.0, časová značka: 0x44a01654
Kód
výnimky: 0xc0000005 Odstup chyby: 0x0002e625 Identifikácia chybného procesu: 0x7c4
Čas
spustenia chybnej aplikácie: 0x01cfa75a4949bc3e Cesta chybnej aplikácie: C:\Program
Files (x86)\Total Video Converter\tvc.exe Cesta chybného modulu: C:\Program Files
(x86)\Total Video Converter\SDL.dll Identifikácia hlásenia: ca8fcc13-134e-11e4-89cf-0015588f11c5
Error - 24. 7. 2014 14:29:05 | Computer Name = rado-PC | Source = Application Hang | ID = 1002
Description = The program SDScan.exe version 2.0.12.173 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 568 Start
Time: 01cfa7604ebcf1e9 Termination Time: 70 Application Path: C:\Program Files (x86)\Spybot
- Search & Destroy 2\SDScan.exe Report Id: 4de330d6-1360-11e4-89cf-0015588f11c5
Error - 24. 7. 2014 15:01:18 | Computer Name = rado-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: SDScan.exe, verzia: 2.0.12.173, časová značka:
0x50a24627 Názov chybového modulu: KERNELBASE.dll, verzia: 6.1.7601.18409, časová
značka: 0x53159a86 Kód výnimky: 0x0eedfade Odstup chyby: 0x0000c42d Identifikácia
chybného procesu: 0xc58 Čas spustenia chybnej aplikácie: 0x01cfa76d32db8480 Cesta
chybnej aplikácie: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Cesta
chybného modulu: C:\Windows\syswow64\KERNELBASE.dll Identifikácia hlásenia: e4684fba-1364-11e4-89cf-0015588f11c5
Error - 25. 7. 2014 13:48:57 | Computer Name = rado-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path name validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0
Error - 25. 7. 2014 13:48:57 | Computer Name = rado-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path name validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0
Error - 25. 7. 2014 13:49:30 | Computer Name = rado-PC | Source = WinMgmt | ID = 10
Description =
Error - 25. 7. 2014 14:22:26 | Computer Name = rado-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path name validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0
Error - 25. 7. 2014 14:22:26 | Computer Name = rado-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path name validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0
Error - 25. 7. 2014 14:23:15 | Computer Name = rado-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 23. 7. 2014 14:32:00 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 23. 7. 2014 14:37:13 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7030
Description = Služba ESET Service je označená ako interaktívna služba. Systém je
však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.
Error - 23. 7. 2014 19:24:20 | Computer Name = rado-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 24. 7. 2014 7:09:19 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 24. 7. 2014 7:28:49 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 24. 7. 2014 7:33:46 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7022
Description = Služba Windows Search sa pri spustení zablokovala.
Error - 24. 7. 2014 10:53:22 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 25. 7. 2014 13:49:16 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
Error - 25. 7. 2014 14:22:17 | Computer Name = rado-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:19:45 on ?25. ?7. ?2014 was unexpected.
Error - 25. 7. 2014 14:22:40 | Computer Name = rado-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%577
< End of report >
Re: please help

- Save it, preferably to the desktop
- After launch, the license terms are displayed; press any key
- A backup is created, followed by a scan
- The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here

- Save it, preferably to the desktop
- Close all programs
- Click Scan and then Clean
- The repair runs, the PC restarts, and then a log appears, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
Re: please help
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by rado on ne 27. 07. 2014 at 11:10:16,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&download by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&grab video by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\do&wnload selected by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\down&load all by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2103325229-1255119138-1366225161-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\orbit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\orbit_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FEA943-DAC0-475A-86C8-BD2A48CF5AFF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
~~~ Files
Successfully deleted: [File] "C:\end"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\rado\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\rado\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\rado\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\rado\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\rado\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\rado\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\rado\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\orbitdownloader"
Successfully deleted: [Folder] "C:\ProgramData\ask"
~~~ FireFox
Emptied folder: C:\Users\rado\AppData\Roaming\mozilla\firefox\profiles\w2q86uyf.default-1404304579824\minidumps [9 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 27. 07. 2014 at 11:36:49,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
~~~ Files
Successfully deleted: [File] "C:\end"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\rado\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\rado\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\rado\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\rado\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\rado\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\rado\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\rado\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\orbitdownloader"
Successfully deleted: [Folder] "C:\ProgramData\ask"
~~~ FireFox
Emptied folder: C:\Users\rado\AppData\Roaming\mozilla\firefox\profiles\w2q86uyf.default-1404304579824\minidumps [9 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 27. 07. 2014 at 11:36:49,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: please help
# AdwCleaner v3.216 - Report created 27/07/2014 at 11:48:19
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : rado - RADO-PC
# Running from : C:\Users\rado\Desktop\adwcleaner_3.216.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\rado\AppData\Local\apn
Folder Deleted : C:\Users\rado\AppData\LocalLow\BitTorrentControl_v12
Folder Deleted : C:\Users\rado\AppData\Roaming\GrabPro
Folder Deleted : C:\Users\rado\AppData\Roaming\IObit\Driver Booster
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15829731-B31C-4CCE-9E77-526CB919013F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5BCA375-86E7-4B1F-97FB-CE2ED2349F68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]
Key Deleted : HKCU\Software\b1.org
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SoftonicToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
Key Deleted : HKLM\Software\b1.org
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\BitTorrentControl_v12
Key Deleted : [x64] HKLM\SOFTWARE\b1.org
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\x64\mgrldr.dll
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v30.0 (sk)
[ File : C:\Users\rado\AppData\Roaming\Mozilla\Firefox\Profiles\w2q86uyf.default-1404304579824\prefs.js ]
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8731 octets] - [27/07/2014 11:46:47]
AdwCleaner[S0].txt - [8372 octets] - [27/07/2014 11:48:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8432 octets] ##########
Re: please help

- If you are using Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
- Paste the script below into the window
Code:
autoclean; emptyclsid; iedefaults; FFdefaults; CHRdefaults; emptyalltemp; resethosts;
- Then click Run Script
- The PC will carry out the repair, restart, and give you a log; paste its contents here
Re: please help
Zoek.exe v5.0.0.0 Updated 26-07-2014
Tool run by rado on po 28. 07. 2014 at 8:20:34,26.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\rado\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
28. 7. 2014 8:26:10 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2103325229-1255119138-1366225161-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{62D40876-DF18-411F-9D34-A9DD7A197BC5} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\rado\AppData\Roaming\Profiles\2o36acdc.default\prefs.js:
Added to C:\Users\rado\AppData\Roaming\Profiles\2o36acdc.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\rado\AppData\Roaming\Mozilla\Firefox\Profiles\w2q86uyf.default-1404304579824\prefs.js:
user_pref("browser.startup.homepage", "http://loa.r2games.com/game/play/?server=3562");
Added to C:\Users\rado\AppData\Roaming\Mozilla\Firefox\Profiles\w2q86uyf.default-1404304579824\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\rado\AppData\Roaming\Mozilla\Firefox\Profiles\nhxx3fhx.default-1402174691302\prefs.js:
Added to C:\Users\rado\AppData\Roaming\Mozilla\Firefox\Profiles\nhxx3fhx.default-1402174691302\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
"C:\Windows\Installer\19160a7.msi" not found
"C:\Windows\Installer\1d0cef2.msi" not found
C:\Users\rado\AppData\Roaming\profiles.ini deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\rado\AppData\Local\CRE deleted
C:\Users\rado\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted
C:\Users\rado\Searches deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\BitTorrentControl_v12 deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\PriceGong deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Conduit deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Windows\Installer\107c82e.msi" deleted
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\rado\AppData\Roaming\Mozilla\Firefox\Profiles\nhxx3fhx.default-1402174691302
2549375E682A65FA624D52F3AD27FC48 - C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
Profilepath: C:\Users\rado\AppData\Roaming\Mozilla\Firefox\Profiles\w2q86uyf.default-1404304579824
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
2549375E682A65FA624D52F3AD27FC48 - C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bhnjjbcnbmjmhgpliahlamecmbejpaol - C:\Users\rado\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11. 04. 2014 19:46]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bhnjjbcnbmjmhgpliahlamecmbejpaol - C:\Users\rado\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx[]
Skype Click to Call - rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://loa.r2games.com/game/play/?server=3562"
"ICQ Search"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://loa.r2games.com/game/play/?server=3562"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
==== Reset Google Chrome ======================
C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F1437DE4249132642AC7C9F4838371F2 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4ED7341F-1942-4623-A27C-9C4F3838172F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F1437DE4249132642AC7C9F4838371F2 deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\rado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\rado\AppData\Local\Mozilla\Firefox\Profiles\3eyvool7.default\Cache emptied successfully
C:\Users\rado\AppData\Local\Mozilla\Firefox\Profiles\w2q86uyf.default-1404304579824\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=281 folders=94 25895175 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\rado\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\rado\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found
==== EOF on po 28. 07. 2014 at 9:11:04,62 ======================
Re: please help
Please post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100
Re: please help
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by rado (administrator) on RADO-PC on 31-07-2014 10:45:16
Running from C:\Users\rado\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Windows\CmUCREye_x64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Opera Software) C:\Program Files\Opera x64\opera.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(forum.viry.cz) C:\Users\rado\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmiboot] => C:\Windows\cmiboot.exe [65536 2007-02-07] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\MountPoints2: N - N:\setup.exe
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\MountPoints2: {c27f0203-9a86-11db-95a2-806e6f6e6963} - E:\CheckID.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5F262B949489CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loa.r2games.com/game/play/?server=3562
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
FireFox:
========
FF ProfilePath: C:\Users\rado\AppData\Roaming\Mozilla\Firefox\Profiles\w2q86uyf.default-1404304579824
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-07-23]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (From Dust) - C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-01-05]
CHR Extension: (Skype Click to Call) - C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-23] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 ArcService; d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-18] ()
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [211456 2014-07-09] () [File not signed]
R3 CMIUCR; C:\Windows\System32\DRIVERS\cmiucr_x64.SYS [160256 2007-01-15] (C-Media Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-29] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-01-27] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-29] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-07] (Anchorfree Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U3 a6e1a84z; C:\Windows\System32\Drivers\a6e1a84z.sys [0 ] (Advanced Micro Devices)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 10:46 - 2014-07-31 10:47 - 02094080 _____ (Farbar) C:\Users\rado\Desktop\FRST64.exe
2014-07-31 10:46 - 2014-07-31 10:46 - 00112640 _____ (forum.viry.cz) C:\Users\rado\Desktop\FRSTLauncher.exe
2014-07-31 10:45 - 2014-07-31 10:45 - 00013087 _____ () C:\Users\rado\Desktop\FRST.txt
2014-07-31 10:43 - 2014-07-31 10:45 - 00000000 ____D () C:\FRST
2014-07-28 09:10 - 2014-07-28 08:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-28 08:25 - 2014-07-28 09:11 - 00012713 _____ () C:\zoek-results.log
2014-07-28 08:24 - 2014-07-28 08:24 - 00002922 _____ () C:\Windows\System32\Tasks\{D049E20E-D152-4CE2-AD07-ABE34290ECC4}
2014-07-28 08:20 - 2014-07-28 09:10 - 00000000 ____D () C:\zoek_backup
2014-07-28 08:19 - 2014-07-28 08:19 - 01287168 _____ () C:\Users\rado\Desktop\zoek.exe
2014-07-27 11:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-27 11:46 - 2014-07-27 11:48 - 00000000 ____D () C:\AdwCleaner
2014-07-27 11:45 - 2014-07-27 11:45 - 01354223 _____ () C:\Users\rado\Desktop\adwcleaner_3.216.exe
2014-07-27 11:36 - 2014-07-27 11:36 - 00009137 _____ () C:\Users\rado\Desktop\JRT.txt
2014-07-27 11:09 - 2014-07-27 11:09 - 00000000 ____D () C:\Windows\ERUNT
2014-07-27 11:07 - 2014-07-27 11:07 - 01016261 _____ (Thisisu) C:\Users\rado\Desktop\JRT.exe
2014-07-26 01:28 - 2014-07-26 01:28 - 00084862 _____ () C:\Users\rado\Desktop\Extras.Txt
2014-07-26 01:09 - 2014-07-26 01:09 - 00180116 _____ () C:\Users\rado\Desktop\OTL.Txt
2014-07-25 22:19 - 2014-07-25 22:19 - 00000512 _____ () C:\PhysicalMBR.bin
2014-07-25 21:53 - 2014-07-25 21:53 - 00602112 _____ (OldTimer Tools) C:\Users\rado\Desktop\OTL.exe
2014-07-25 21:42 - 2014-07-27 12:34 - 00000000 ____D () C:\Users\rado\AppData\Roaming\NVIDIA
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\rsit
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\Program Files\trend micro
2014-07-25 19:48 - 2014-07-31 09:48 - 00000943 _____ () C:\Windows\setupact.log
2014-07-24 22:14 - 2014-07-24 22:14 - 00000000 ____D () C:\Users\rado\AppData\Local\Adobe
2014-07-24 21:49 - 2014-07-27 11:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-24 21:49 - 2014-07-24 21:49 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-24 21:49 - 2014-07-24 21:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-24 21:17 - 2014-07-31 09:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 21:17 - 2014-07-24 21:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 21:17 - 2014-07-24 21:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 21:17 - 2014-07-24 21:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Macromedia
2014-07-24 21:09 - 2014-07-27 11:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-24 18:55 - 2014-07-24 21:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-24 18:55 - 2014-07-24 18:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-24 18:54 - 2014-07-24 18:54 - 00002189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00002177 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-24 18:54 - 2009-01-25 12:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-07-24 18:42 - 2014-07-24 22:14 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Adobe
2014-07-24 16:53 - 2014-07-24 16:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-24 13:42 - 2013-11-11 17:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-07-24 13:42 - 2013-11-11 17:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-07-24 13:42 - 2013-11-11 17:01 - 03467927 _____ () C:\Windows\system32\nvcoproc.bin
2014-07-24 13:42 - 2013-11-11 17:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-07-24 13:42 - 2013-11-11 17:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-07-24 13:42 - 2013-11-11 17:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-07-24 13:42 - 2013-11-11 17:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-07-24 13:18 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-24 13:18 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\ProgramData\ESET
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\Program Files\ESET
2014-07-23 20:19 - 2012-08-23 16:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-07-23 20:19 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-07-23 20:18 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-23 20:18 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-07-23 20:18 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-07-22 09:38 - 2014-07-23 20:33 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-20 16:32 - 2014-07-20 16:32 - 00000222 _____ () C:\Users\rado\Desktop\HAWKEN.url
2014-07-18 21:57 - 2014-07-18 21:57 - 00000000 ____D () C:\Users\rado\AppData\Roaming\.mono
2014-07-17 01:26 - 2014-07-17 01:26 - 00000000 ____D () C:\Users\rado\AppData\Local\Targem
2014-07-16 22:30 - 2014-07-16 22:30 - 00000222 _____ () C:\Users\rado\Desktop\Jagged Alliance Online - Steam Edition.url
2014-07-16 19:47 - 2014-07-16 19:47 - 00000222 _____ () C:\Users\rado\Desktop\Star Conflict.url
2014-07-16 18:17 - 2014-07-24 13:19 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-15 19:30 - 2014-07-15 17:14 - 13994664 _____ () C:\Users\rado\Desktop\AirMech.exe
2014-07-15 17:23 - 2014-07-15 17:23 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Carbon
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA Corporation
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA Corporation
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA
2014-07-14 16:19 - 2014-07-14 16:19 - 00000127 _____ () C:\Users\rado\Documents\moje znamenie v roznych kulturach.txt
2014-07-11 18:17 - 2014-07-11 18:17 - 00000000 ____D () C:\Users\rado\AppData\Local\LogMeIn
2014-07-11 13:49 - 2014-07-11 17:45 - 00056426 _____ () C:\Users\rado\Desktop\Nový textový dokument.txt
2014-07-11 09:10 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-11 09:10 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-09 22:34 - 2014-07-09 22:34 - 00290208 _____ () C:\Windows\Minidump\070914-22546-01.dmp
2014-07-09 21:40 - 2014-07-09 21:40 - 00001705 _____ () C:\Users\Public\Desktop\Nexus - The Jupiter Incident.lnk
2014-07-09 21:40 - 2014-07-09 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus - The Jupiter Incident
2014-07-09 20:53 - 2014-07-09 20:53 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-07-09 19:15 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-09 19:15 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-09 19:15 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-09 19:15 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-09 19:15 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-09 19:15 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-09 19:15 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-09 19:15 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-09 19:15 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-09 19:15 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-09 19:15 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-09 19:15 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-09 19:15 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-09 19:15 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-09 19:15 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-09 19:15 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-09 18:23 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 18:23 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 18:23 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 18:22 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 18:22 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 18:22 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 18:22 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-09 18:22 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-09 18:21 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 18:21 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 18:13 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 18:13 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 18:13 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 18:12 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 18:12 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 18:12 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 18:12 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 18:12 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 18:12 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 18:12 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 18:12 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 18:12 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 18:12 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 18:12 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 18:12 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 18:12 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 18:12 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 18:12 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 18:12 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 18:12 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 18:12 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 18:12 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 18:12 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 18:12 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 18:12 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 18:12 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 18:12 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 18:12 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 18:12 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 18:12 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 18:12 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 18:12 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 18:12 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 18:12 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 18:12 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 18:12 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 18:12 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 18:12 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 18:12 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 18:12 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 18:12 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 18:12 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 18:12 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 18:12 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 18:12 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 18:12 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 18:12 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 18:12 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 18:12 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 18:12 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 18:12 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 18:12 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 18:12 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 18:12 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 18:12 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 18:12 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 18:12 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 18:12 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 18:12 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-06 15:59 - 2014-07-30 19:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-06 15:59 - 2014-07-06 15:59 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-07-06 15:59 - 2014-07-06 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-05 16:12 - 2014-07-05 16:12 - 00000000 ____D () C:\Users\rado\AppData\Local\EMU
2014-07-05 16:02 - 2014-07-20 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warhammer 40000 Kill Team
2014-07-02 14:50 - 2014-07-02 14:50 - 00125440 _____ () C:\Users\rado\Desktop\winbox.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 10:47 - 2014-07-31 10:46 - 02094080 _____ (Farbar) C:\Users\rado\Desktop\FRST64.exe
2014-07-31 10:46 - 2014-07-31 10:46 - 00112640 _____ (forum.viry.cz) C:\Users\rado\Desktop\FRSTLauncher.exe
2014-07-31 10:45 - 2014-07-31 10:45 - 00013087 _____ () C:\Users\rado\Desktop\FRST.txt
2014-07-31 10:45 - 2014-07-31 10:43 - 00000000 ____D () C:\FRST
2014-07-31 10:17 - 2013-12-18 09:40 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 09:56 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 09:56 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 09:51 - 2014-07-24 21:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 09:51 - 2013-10-13 19:44 - 01386192 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 09:48 - 2014-07-25 19:48 - 00000943 _____ () C:\Windows\setupact.log
2014-07-31 09:48 - 2013-12-18 09:40 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 09:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 21:45 - 2012-08-24 16:22 - 00000000 ____D () C:\Users\rado\AppData\Roaming\BitTorrent
2014-07-30 19:50 - 2014-07-06 15:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-30 08:55 - 2012-08-24 18:36 - 00000000 ____D () C:\Users\rado\AppData\Roaming\vlc
2014-07-29 17:55 - 2013-10-08 07:55 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-28 14:18 - 2012-08-24 16:36 - 00000000 ____D () C:\Users\rado\AppData\Roaming\DAEMON Tools Lite
2014-07-28 09:11 - 2014-07-28 08:25 - 00012713 _____ () C:\zoek-results.log
2014-07-28 09:10 - 2014-07-28 08:20 - 00000000 ____D () C:\zoek_backup
2014-07-28 09:10 - 2014-06-10 09:38 - 00005698 _____ () C:\Windows\PFRO.log
2014-07-28 08:59 - 2012-08-22 15:29 - 00000000 ____D () C:\Users\rado
2014-07-28 08:24 - 2014-07-28 08:24 - 00002922 _____ () C:\Windows\System32\Tasks\{D049E20E-D152-4CE2-AD07-ABE34290ECC4}
2014-07-28 08:20 - 2014-07-28 09:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-28 08:19 - 2014-07-28 08:19 - 01287168 _____ () C:\Users\rado\Desktop\zoek.exe
2014-07-27 12:34 - 2014-07-25 21:42 - 00000000 ____D () C:\Users\rado\AppData\Roaming\NVIDIA
2014-07-27 12:32 - 2013-10-14 07:43 - 00660758 _____ () C:\Windows\system32\perfh005.dat
2014-07-27 12:32 - 2013-10-14 07:43 - 00144580 _____ () C:\Windows\system32\perfh01B.dat
2014-07-27 12:32 - 2013-10-14 07:43 - 00141408 _____ () C:\Windows\system32\perfc005.dat
2014-07-27 12:32 - 2013-10-14 07:43 - 00036678 _____ () C:\Windows\system32\perfc01B.dat
2014-07-27 12:32 - 2009-07-14 07:13 - 01751402 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 12:22 - 2014-04-12 05:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
2014-07-27 11:48 - 2014-07-27 11:46 - 00000000 ____D () C:\AdwCleaner
2014-07-27 11:45 - 2014-07-27 11:45 - 01354223 _____ () C:\Users\rado\Desktop\adwcleaner_3.216.exe
2014-07-27 11:36 - 2014-07-27 11:36 - 00009137 _____ () C:\Users\rado\Desktop\JRT.txt
2014-07-27 11:11 - 2014-07-24 21:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-27 11:09 - 2014-07-27 11:09 - 00000000 ____D () C:\Windows\ERUNT
2014-07-27 11:07 - 2014-07-27 11:07 - 01016261 _____ (Thisisu) C:\Users\rado\Desktop\JRT.exe
2014-07-27 11:04 - 2014-07-24 21:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-26 01:28 - 2014-07-26 01:28 - 00084862 _____ () C:\Users\rado\Desktop\Extras.Txt
2014-07-26 01:09 - 2014-07-26 01:09 - 00180116 _____ () C:\Users\rado\Desktop\OTL.Txt
2014-07-25 22:19 - 2014-07-25 22:19 - 00000512 _____ () C:\PhysicalMBR.bin
2014-07-25 21:53 - 2014-07-25 21:53 - 00602112 _____ (OldTimer Tools) C:\Users\rado\Desktop\OTL.exe
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\rsit
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\Program Files\trend micro
2014-07-24 22:14 - 2014-07-24 22:14 - 00000000 ____D () C:\Users\rado\AppData\Local\Adobe
2014-07-24 22:14 - 2014-07-24 18:42 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Adobe
2014-07-24 21:49 - 2014-07-24 21:49 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-24 21:49 - 2014-07-24 21:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-24 21:17 - 2014-07-24 21:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 21:17 - 2014-07-24 21:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 21:17 - 2014-07-24 21:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Macromedia
2014-07-24 21:05 - 2014-07-24 18:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-24 18:55 - 2014-07-24 18:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-24 18:54 - 2014-07-24 18:54 - 00002189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00002177 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-24 16:53 - 2014-07-24 16:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-24 13:42 - 2012-08-22 15:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-24 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-07-24 13:39 - 2012-08-22 15:45 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-24 13:38 - 2012-08-22 15:45 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-24 13:19 - 2014-07-16 18:17 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-24 04:57 - 2012-12-14 19:46 - 00000000 ____D () C:\Windows\rescache
2014-07-23 21:56 - 2011-08-30 08:00 - 00157805 ____H () C:\treeinfo.wc
2014-07-23 21:45 - 2013-11-12 18:15 - 00000000 ____D () C:\Users\rado\AppData\Local\NVIDIA Corporation
2014-07-23 20:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\ProgramData\ESET
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\Program Files\ESET
2014-07-23 20:33 - 2014-07-22 09:38 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-22 09:33 - 2012-08-24 17:32 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-07-21 22:59 - 2012-12-02 12:13 - 00007666 _____ () C:\Users\rado\AppData\Local\Resmon.ResmonCfg
2014-07-20 20:32 - 2012-09-08 11:30 - 00000000 ____D () C:\Users\rado\Documents\My Games
2014-07-20 16:32 - 2014-07-20 16:32 - 00000222 _____ () C:\Users\rado\Desktop\HAWKEN.url
2014-07-20 15:09 - 2014-02-03 17:51 - 00000000 ____D () C:\Users\rado\AppData\Roaming\GHISLER
2014-07-20 15:08 - 2014-07-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warhammer 40000 Kill Team
2014-07-20 15:08 - 2012-08-22 15:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-18 21:57 - 2014-07-18 21:57 - 00000000 ____D () C:\Users\rado\AppData\Roaming\.mono
2014-07-18 13:23 - 2013-12-18 09:41 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 01:26 - 2014-07-17 01:26 - 00000000 ____D () C:\Users\rado\AppData\Local\Targem
2014-07-16 22:30 - 2014-07-16 22:30 - 00000222 _____ () C:\Users\rado\Desktop\Jagged Alliance Online - Steam Edition.url
2014-07-16 19:47 - 2014-07-16 19:47 - 00000222 _____ () C:\Users\rado\Desktop\Star Conflict.url
2014-07-16 12:20 - 2009-07-14 07:08 - 00032502 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 17:23 - 2014-07-15 17:23 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Carbon
2014-07-15 17:14 - 2014-07-15 19:30 - 13994664 _____ () C:\Users\rado\Desktop\AirMech.exe
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA Corporation
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA Corporation
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA
2014-07-14 16:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 16:42 - 2012-08-24 16:37 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Orbit
2014-07-14 16:19 - 2014-07-14 16:19 - 00000127 _____ () C:\Users\rado\Documents\moje znamenie v roznych kulturach.txt
2014-07-14 15:35 - 2012-08-24 15:45 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Winamp
2014-07-11 20:21 - 2014-06-10 11:38 - 00105280 _____ () C:\Users\rado\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-11 18:50 - 2014-06-10 09:38 - 04934344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 18:44 - 2012-10-03 15:05 - 00003358 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-07-11 18:17 - 2014-07-11 18:17 - 00000000 ____D () C:\Users\rado\AppData\Local\LogMeIn
2014-07-11 17:45 - 2014-07-11 13:49 - 00056426 _____ () C:\Users\rado\Desktop\Nový textový dokument.txt
2014-07-11 09:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-07-11 09:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-07-09 22:34 - 2014-07-09 22:34 - 00290208 _____ () C:\Windows\Minidump\070914-22546-01.dmp
2014-07-09 22:34 - 2012-08-22 15:57 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 22:03 - 2012-10-18 09:39 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-09 21:40 - 2014-07-09 21:40 - 00001705 _____ () C:\Users\Public\Desktop\Nexus - The Jupiter Incident.lnk
2014-07-09 21:40 - 2014-07-09 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus - The Jupiter Incident
2014-07-09 20:53 - 2014-07-09 20:53 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-07-09 20:27 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-09 20:21 - 2014-04-30 19:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 20:21 - 2010-11-21 17:10 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 20:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 20:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 19:11 - 2013-10-13 23:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:02 - 2012-08-24 15:44 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 18:53 - 2013-03-23 23:49 - 01710010 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-09 11:46 - 2014-01-27 18:45 - 00211456 _____ () C:\Windows\system32\Drivers\atksgt.sys
2014-07-08 16:13 - 2013-12-21 12:59 - 00000000 ____D () C:\Program Files (x86)\B1 Free Archiver
2014-07-08 15:56 - 2014-06-11 03:55 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-07-06 15:59 - 2014-07-06 15:59 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-07-06 15:59 - 2014-07-06 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-06 01:54 - 2013-12-10 19:57 - 00000000 ____D () C:\Users\rado\AppData\Local\SKIDROW
2014-07-05 16:12 - 2014-07-05 16:12 - 00000000 ____D () C:\Users\rado\AppData\Local\EMU
2014-07-02 14:50 - 2014-07-02 14:50 - 00125440 _____ () C:\Users\rado\Desktop\winbox.exe
Some content of TEMP:
====================
C:\Users\rado\AppData\Local\Temp\vlc-2.1.5-win32.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
==================== Security Center ==================
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\rado\Desktop" je 131 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by rado (administrator) on RADO-PC on 31-07-2014 10:45:16
Running from C:\Users\rado\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Windows\CmUCREye_x64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Opera Software) C:\Program Files\Opera x64\opera.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(forum.viry.cz) C:\Users\rado\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmiboot] => C:\Windows\cmiboot.exe [65536 2007-02-07] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\MountPoints2: N - N:\setup.exe
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\MountPoints2: {c27f0203-9a86-11db-95a2-806e6f6e6963} - E:\CheckID.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5F262B949489CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loa.r2games.com/game/play/?server=3562
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
FireFox:
========
FF ProfilePath: C:\Users\rado\AppData\Roaming\Mozilla\Firefox\Profiles\w2q86uyf.default-1404304579824
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - d:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\rado\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-07-23]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (From Dust) - C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-01-05]
CHR Extension: (Skype Click to Call) - C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\rado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-23] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 ArcService; d:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-18] ()
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-17] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [211456 2014-07-09] () [File not signed]
R3 CMIUCR; C:\Windows\System32\DRIVERS\cmiucr_x64.SYS [160256 2007-01-15] (C-Media Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-29] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-01-27] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-29] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-07] (Anchorfree Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U3 a6e1a84z; C:\Windows\System32\Drivers\a6e1a84z.sys [0 ] (Advanced Micro Devices)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 10:46 - 2014-07-31 10:47 - 02094080 _____ (Farbar) C:\Users\rado\Desktop\FRST64.exe
2014-07-31 10:46 - 2014-07-31 10:46 - 00112640 _____ (forum.viry.cz) C:\Users\rado\Desktop\FRSTLauncher.exe
2014-07-31 10:45 - 2014-07-31 10:45 - 00013087 _____ () C:\Users\rado\Desktop\FRST.txt
2014-07-31 10:43 - 2014-07-31 10:45 - 00000000 ____D () C:\FRST
2014-07-28 09:10 - 2014-07-28 08:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-28 08:25 - 2014-07-28 09:11 - 00012713 _____ () C:\zoek-results.log
2014-07-28 08:24 - 2014-07-28 08:24 - 00002922 _____ () C:\Windows\System32\Tasks\{D049E20E-D152-4CE2-AD07-ABE34290ECC4}
2014-07-28 08:20 - 2014-07-28 09:10 - 00000000 ____D () C:\zoek_backup
2014-07-28 08:19 - 2014-07-28 08:19 - 01287168 _____ () C:\Users\rado\Desktop\zoek.exe
2014-07-27 11:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-27 11:46 - 2014-07-27 11:48 - 00000000 ____D () C:\AdwCleaner
2014-07-27 11:45 - 2014-07-27 11:45 - 01354223 _____ () C:\Users\rado\Desktop\adwcleaner_3.216.exe
2014-07-27 11:36 - 2014-07-27 11:36 - 00009137 _____ () C:\Users\rado\Desktop\JRT.txt
2014-07-27 11:09 - 2014-07-27 11:09 - 00000000 ____D () C:\Windows\ERUNT
2014-07-27 11:07 - 2014-07-27 11:07 - 01016261 _____ (Thisisu) C:\Users\rado\Desktop\JRT.exe
2014-07-26 01:28 - 2014-07-26 01:28 - 00084862 _____ () C:\Users\rado\Desktop\Extras.Txt
2014-07-26 01:09 - 2014-07-26 01:09 - 00180116 _____ () C:\Users\rado\Desktop\OTL.Txt
2014-07-25 22:19 - 2014-07-25 22:19 - 00000512 _____ () C:\PhysicalMBR.bin
2014-07-25 21:53 - 2014-07-25 21:53 - 00602112 _____ (OldTimer Tools) C:\Users\rado\Desktop\OTL.exe
2014-07-25 21:42 - 2014-07-27 12:34 - 00000000 ____D () C:\Users\rado\AppData\Roaming\NVIDIA
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\rsit
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\Program Files\trend micro
2014-07-25 19:48 - 2014-07-31 09:48 - 00000943 _____ () C:\Windows\setupact.log
2014-07-24 22:14 - 2014-07-24 22:14 - 00000000 ____D () C:\Users\rado\AppData\Local\Adobe
2014-07-24 21:49 - 2014-07-27 11:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-24 21:49 - 2014-07-24 21:49 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-24 21:49 - 2014-07-24 21:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-24 21:17 - 2014-07-31 09:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 21:17 - 2014-07-24 21:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 21:17 - 2014-07-24 21:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 21:17 - 2014-07-24 21:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Macromedia
2014-07-24 21:09 - 2014-07-27 11:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-24 18:55 - 2014-07-24 21:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-24 18:55 - 2014-07-24 18:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-24 18:54 - 2014-07-24 18:54 - 00002189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00002177 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-24 18:54 - 2009-01-25 12:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-07-24 18:42 - 2014-07-24 22:14 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Adobe
2014-07-24 16:53 - 2014-07-24 16:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-24 13:42 - 2013-11-11 17:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-07-24 13:42 - 2013-11-11 17:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-07-24 13:42 - 2013-11-11 17:01 - 03467927 _____ () C:\Windows\system32\nvcoproc.bin
2014-07-24 13:42 - 2013-11-11 17:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-07-24 13:42 - 2013-11-11 17:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-07-24 13:42 - 2013-11-11 17:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-07-24 13:42 - 2013-11-11 17:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-07-24 13:18 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-24 13:18 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\ProgramData\ESET
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\Program Files\ESET
2014-07-23 20:19 - 2012-08-23 16:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-07-23 20:19 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-07-23 20:18 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-23 20:18 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-07-23 20:18 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-07-22 09:38 - 2014-07-23 20:33 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-20 16:32 - 2014-07-20 16:32 - 00000222 _____ () C:\Users\rado\Desktop\HAWKEN.url
2014-07-18 21:57 - 2014-07-18 21:57 - 00000000 ____D () C:\Users\rado\AppData\Roaming\.mono
2014-07-17 01:26 - 2014-07-17 01:26 - 00000000 ____D () C:\Users\rado\AppData\Local\Targem
2014-07-16 22:30 - 2014-07-16 22:30 - 00000222 _____ () C:\Users\rado\Desktop\Jagged Alliance Online - Steam Edition.url
2014-07-16 19:47 - 2014-07-16 19:47 - 00000222 _____ () C:\Users\rado\Desktop\Star Conflict.url
2014-07-16 18:17 - 2014-07-24 13:19 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-15 19:30 - 2014-07-15 17:14 - 13994664 _____ () C:\Users\rado\Desktop\AirMech.exe
2014-07-15 17:23 - 2014-07-15 17:23 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Carbon
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA Corporation
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA Corporation
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA
2014-07-14 16:19 - 2014-07-14 16:19 - 00000127 _____ () C:\Users\rado\Documents\moje znamenie v roznych kulturach.txt
2014-07-11 18:17 - 2014-07-11 18:17 - 00000000 ____D () C:\Users\rado\AppData\Local\LogMeIn
2014-07-11 13:49 - 2014-07-11 17:45 - 00056426 _____ () C:\Users\rado\Desktop\Nový textový dokument.txt
2014-07-11 09:10 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-11 09:10 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-09 22:34 - 2014-07-09 22:34 - 00290208 _____ () C:\Windows\Minidump\070914-22546-01.dmp
2014-07-09 21:40 - 2014-07-09 21:40 - 00001705 _____ () C:\Users\Public\Desktop\Nexus - The Jupiter Incident.lnk
2014-07-09 21:40 - 2014-07-09 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus - The Jupiter Incident
2014-07-09 20:53 - 2014-07-09 20:53 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-07-09 19:15 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-09 19:15 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-09 19:15 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-09 19:15 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-09 19:15 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-09 19:15 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-09 19:15 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-09 19:15 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-09 19:15 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-09 19:15 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-09 19:15 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-09 19:15 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-09 19:15 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-09 19:15 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-09 19:15 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-09 19:15 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-09 18:23 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 18:23 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 18:23 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 18:22 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 18:22 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 18:22 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 18:22 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-09 18:22 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-09 18:21 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 18:21 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 18:20 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 18:20 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 18:13 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 18:13 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 18:13 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 18:12 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 18:12 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 18:12 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 18:12 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 18:12 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 18:12 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 18:12 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 18:12 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 18:12 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 18:12 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 18:12 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 18:12 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 18:12 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 18:12 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 18:12 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 18:12 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 18:12 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 18:12 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 18:12 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 18:12 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 18:12 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 18:12 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 18:12 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 18:12 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 18:12 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 18:12 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 18:12 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 18:12 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 18:12 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 18:12 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 18:12 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 18:12 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 18:12 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 18:12 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 18:12 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 18:12 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 18:12 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 18:12 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 18:12 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 18:12 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 18:12 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 18:12 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 18:12 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 18:12 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 18:12 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 18:12 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 18:12 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 18:12 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 18:12 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 18:12 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 18:12 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 18:12 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 18:12 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 18:12 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 18:12 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 18:12 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-06 15:59 - 2014-07-30 19:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-06 15:59 - 2014-07-06 15:59 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-07-06 15:59 - 2014-07-06 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-05 16:12 - 2014-07-05 16:12 - 00000000 ____D () C:\Users\rado\AppData\Local\EMU
2014-07-05 16:02 - 2014-07-20 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warhammer 40000 Kill Team
2014-07-02 14:50 - 2014-07-02 14:50 - 00125440 _____ () C:\Users\rado\Desktop\winbox.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 10:47 - 2014-07-31 10:46 - 02094080 _____ (Farbar) C:\Users\rado\Desktop\FRST64.exe
2014-07-31 10:46 - 2014-07-31 10:46 - 00112640 _____ (forum.viry.cz) C:\Users\rado\Desktop\FRSTLauncher.exe
2014-07-31 10:45 - 2014-07-31 10:45 - 00013087 _____ () C:\Users\rado\Desktop\FRST.txt
2014-07-31 10:45 - 2014-07-31 10:43 - 00000000 ____D () C:\FRST
2014-07-31 10:17 - 2013-12-18 09:40 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 09:56 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 09:56 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 09:51 - 2014-07-24 21:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 09:51 - 2013-10-13 19:44 - 01386192 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 09:48 - 2014-07-25 19:48 - 00000943 _____ () C:\Windows\setupact.log
2014-07-31 09:48 - 2013-12-18 09:40 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 09:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 21:45 - 2012-08-24 16:22 - 00000000 ____D () C:\Users\rado\AppData\Roaming\BitTorrent
2014-07-30 19:50 - 2014-07-06 15:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-30 08:55 - 2012-08-24 18:36 - 00000000 ____D () C:\Users\rado\AppData\Roaming\vlc
2014-07-29 17:55 - 2013-10-08 07:55 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-28 14:18 - 2012-08-24 16:36 - 00000000 ____D () C:\Users\rado\AppData\Roaming\DAEMON Tools Lite
2014-07-28 09:11 - 2014-07-28 08:25 - 00012713 _____ () C:\zoek-results.log
2014-07-28 09:10 - 2014-07-28 08:20 - 00000000 ____D () C:\zoek_backup
2014-07-28 09:10 - 2014-06-10 09:38 - 00005698 _____ () C:\Windows\PFRO.log
2014-07-28 08:59 - 2012-08-22 15:29 - 00000000 ____D () C:\Users\rado
2014-07-28 08:24 - 2014-07-28 08:24 - 00002922 _____ () C:\Windows\System32\Tasks\{D049E20E-D152-4CE2-AD07-ABE34290ECC4}
2014-07-28 08:20 - 2014-07-28 09:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-28 08:19 - 2014-07-28 08:19 - 01287168 _____ () C:\Users\rado\Desktop\zoek.exe
2014-07-27 12:34 - 2014-07-25 21:42 - 00000000 ____D () C:\Users\rado\AppData\Roaming\NVIDIA
2014-07-27 12:32 - 2013-10-14 07:43 - 00660758 _____ () C:\Windows\system32\perfh005.dat
2014-07-27 12:32 - 2013-10-14 07:43 - 00144580 _____ () C:\Windows\system32\perfh01B.dat
2014-07-27 12:32 - 2013-10-14 07:43 - 00141408 _____ () C:\Windows\system32\perfc005.dat
2014-07-27 12:32 - 2013-10-14 07:43 - 00036678 _____ () C:\Windows\system32\perfc01B.dat
2014-07-27 12:32 - 2009-07-14 07:13 - 01751402 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 12:22 - 2014-04-12 05:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
2014-07-27 11:48 - 2014-07-27 11:46 - 00000000 ____D () C:\AdwCleaner
2014-07-27 11:45 - 2014-07-27 11:45 - 01354223 _____ () C:\Users\rado\Desktop\adwcleaner_3.216.exe
2014-07-27 11:36 - 2014-07-27 11:36 - 00009137 _____ () C:\Users\rado\Desktop\JRT.txt
2014-07-27 11:11 - 2014-07-24 21:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-27 11:09 - 2014-07-27 11:09 - 00000000 ____D () C:\Windows\ERUNT
2014-07-27 11:07 - 2014-07-27 11:07 - 01016261 _____ (Thisisu) C:\Users\rado\Desktop\JRT.exe
2014-07-27 11:04 - 2014-07-24 21:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-26 01:28 - 2014-07-26 01:28 - 00084862 _____ () C:\Users\rado\Desktop\Extras.Txt
2014-07-26 01:09 - 2014-07-26 01:09 - 00180116 _____ () C:\Users\rado\Desktop\OTL.Txt
2014-07-25 22:19 - 2014-07-25 22:19 - 00000512 _____ () C:\PhysicalMBR.bin
2014-07-25 21:53 - 2014-07-25 21:53 - 00602112 _____ (OldTimer Tools) C:\Users\rado\Desktop\OTL.exe
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\rsit
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\Program Files\trend micro
2014-07-24 22:14 - 2014-07-24 22:14 - 00000000 ____D () C:\Users\rado\AppData\Local\Adobe
2014-07-24 22:14 - 2014-07-24 18:42 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Adobe
2014-07-24 21:49 - 2014-07-24 21:49 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-24 21:49 - 2014-07-24 21:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-24 21:17 - 2014-07-24 21:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 21:17 - 2014-07-24 21:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 21:17 - 2014-07-24 21:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-24 21:17 - 2014-07-24 21:17 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Macromedia
2014-07-24 21:05 - 2014-07-24 18:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-24 18:55 - 2014-07-24 18:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-24 18:54 - 2014-07-24 18:54 - 00002189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00002177 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-24 16:53 - 2014-07-24 16:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-24 13:42 - 2012-08-22 15:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-24 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-07-24 13:39 - 2012-08-22 15:45 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-24 13:38 - 2012-08-22 15:45 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-24 13:19 - 2014-07-16 18:17 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-24 04:57 - 2012-12-14 19:46 - 00000000 ____D () C:\Windows\rescache
2014-07-23 21:56 - 2011-08-30 08:00 - 00157805 ____H () C:\treeinfo.wc
2014-07-23 21:45 - 2013-11-12 18:15 - 00000000 ____D () C:\Users\rado\AppData\Local\NVIDIA Corporation
2014-07-23 20:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\ProgramData\ESET
2014-07-23 20:37 - 2014-07-23 20:37 - 00000000 ____D () C:\Program Files\ESET
2014-07-23 20:33 - 2014-07-22 09:38 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-22 09:33 - 2012-08-24 17:32 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-07-21 22:59 - 2012-12-02 12:13 - 00007666 _____ () C:\Users\rado\AppData\Local\Resmon.ResmonCfg
2014-07-20 20:32 - 2012-09-08 11:30 - 00000000 ____D () C:\Users\rado\Documents\My Games
2014-07-20 16:32 - 2014-07-20 16:32 - 00000222 _____ () C:\Users\rado\Desktop\HAWKEN.url
2014-07-20 15:09 - 2014-02-03 17:51 - 00000000 ____D () C:\Users\rado\AppData\Roaming\GHISLER
2014-07-20 15:08 - 2014-07-05 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warhammer 40000 Kill Team
2014-07-20 15:08 - 2012-08-22 15:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-18 21:57 - 2014-07-18 21:57 - 00000000 ____D () C:\Users\rado\AppData\Roaming\.mono
2014-07-18 13:23 - 2013-12-18 09:41 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 01:26 - 2014-07-17 01:26 - 00000000 ____D () C:\Users\rado\AppData\Local\Targem
2014-07-16 22:30 - 2014-07-16 22:30 - 00000222 _____ () C:\Users\rado\Desktop\Jagged Alliance Online - Steam Edition.url
2014-07-16 19:47 - 2014-07-16 19:47 - 00000222 _____ () C:\Users\rado\Desktop\Star Conflict.url
2014-07-16 12:20 - 2009-07-14 07:08 - 00032502 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 17:23 - 2014-07-15 17:23 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Carbon
2014-07-15 17:14 - 2014-07-15 19:30 - 13994664 _____ () C:\Users\rado\Desktop\AirMech.exe
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA Corporation
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default\AppData\Local\NVIDIA
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA Corporation
2014-07-15 16:44 - 2014-07-15 16:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\NVIDIA
2014-07-14 16:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 16:42 - 2012-08-24 16:37 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Orbit
2014-07-14 16:19 - 2014-07-14 16:19 - 00000127 _____ () C:\Users\rado\Documents\moje znamenie v roznych kulturach.txt
2014-07-14 15:35 - 2012-08-24 15:45 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Winamp
2014-07-11 20:21 - 2014-06-10 11:38 - 00105280 _____ () C:\Users\rado\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-11 18:50 - 2014-06-10 09:38 - 04934344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 18:44 - 2012-10-03 15:05 - 00003358 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-07-11 18:17 - 2014-07-11 18:17 - 00000000 ____D () C:\Users\rado\AppData\Local\LogMeIn
2014-07-11 17:45 - 2014-07-11 13:49 - 00056426 _____ () C:\Users\rado\Desktop\Nový textový dokument.txt
2014-07-11 09:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-07-11 09:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-07-09 22:34 - 2014-07-09 22:34 - 00290208 _____ () C:\Windows\Minidump\070914-22546-01.dmp
2014-07-09 22:34 - 2012-08-22 15:57 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 22:03 - 2012-10-18 09:39 - 00000000 ____D () C:\Users\rado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-09 21:40 - 2014-07-09 21:40 - 00001705 _____ () C:\Users\Public\Desktop\Nexus - The Jupiter Incident.lnk
2014-07-09 21:40 - 2014-07-09 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus - The Jupiter Incident
2014-07-09 20:53 - 2014-07-09 20:53 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-07-09 20:27 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-09 20:21 - 2014-04-30 19:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 20:21 - 2010-11-21 17:10 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 20:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 20:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 19:11 - 2013-10-13 23:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:02 - 2012-08-24 15:44 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 18:53 - 2013-03-23 23:49 - 01710010 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-09 11:46 - 2014-01-27 18:45 - 00211456 _____ () C:\Windows\system32\Drivers\atksgt.sys
2014-07-08 16:13 - 2013-12-21 12:59 - 00000000 ____D () C:\Program Files (x86)\B1 Free Archiver
2014-07-08 15:56 - 2014-06-11 03:55 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-07-06 15:59 - 2014-07-06 15:59 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-07-06 15:59 - 2014-07-06 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-06 01:54 - 2013-12-10 19:57 - 00000000 ____D () C:\Users\rado\AppData\Local\SKIDROW
2014-07-05 16:12 - 2014-07-05 16:12 - 00000000 ____D () C:\Users\rado\AppData\Local\EMU
2014-07-02 14:50 - 2014-07-02 14:50 - 00125440 _____ () C:\Users\rado\Desktop\winbox.exe
Some content of TEMP:
====================
C:\Users\rado\AppData\Local\Temp\vlc-2.1.5-win32.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
==================== Security Center ==================
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\rado\Desktop" je 131 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.rar (7.24 KiB), downloaded 39 times
Re: please help


- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\MountPoints2: N - N:\setup.exe
HKU\S-1-5-21-2103325229-1255119138-1366225161-1001\...\MountPoints2: {c27f0203-9a86-11db-95a2-806e6f6e6963} - E:\CheckID.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5F262B949489CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loa.r2games.com/game/play/?server=3562
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
C:\Program Files (x86)\Skype\Toolbars
C:\Program Files (x86)\Spybot - Search & Destroy 2
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2014-07-31 10:46 - 2014-07-31 10:46 - 00112640 _____ (forum.viry.cz) C:\Users\rado\Desktop\FRSTLauncher.exe
2014-07-31 10:45 - 2014-07-31 10:45 - 00013087 _____ () C:\Users\rado\Desktop\FRST.txt
2014-07-28 09:10 - 2014-07-28 08:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-28 08:25 - 2014-07-28 09:11 - 00012713 _____ () C:\zoek-results.log
2014-07-28 08:20 - 2014-07-28 09:10 - 00000000 ____D () C:\zoek_backup
2014-07-28 08:19 - 2014-07-28 08:19 - 01287168 _____ () C:\Users\rado\Desktop\zoek.exe
2014-07-27 11:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-27 11:46 - 2014-07-27 11:48 - 00000000 ____D () C:\AdwCleaner
2014-07-27 11:45 - 2014-07-27 11:45 - 01354223 _____ () C:\Users\rado\Desktop\adwcleaner_3.216.exe
2014-07-27 11:36 - 2014-07-27 11:36 - 00009137 _____ () C:\Users\rado\Desktop\JRT.txt
2014-07-27 11:09 - 2014-07-27 11:09 - 00000000 ____D () C:\Windows\ERUNT
2014-07-27 11:07 - 2014-07-27 11:07 - 01016261 _____ (Thisisu) C:\Users\rado\Desktop\JRT.exe
2014-07-26 01:28 - 2014-07-26 01:28 - 00084862 _____ () C:\Users\rado\Desktop\Extras.Txt
2014-07-26 01:09 - 2014-07-26 01:09 - 00180116 _____ () C:\Users\rado\Desktop\OTL.Txt
2014-07-25 22:19 - 2014-07-25 22:19 - 00000512 _____ () C:\PhysicalMBR.bin
2014-07-25 21:53 - 2014-07-25 21:53 - 00602112 _____ (OldTimer Tools) C:\Users\rado\Desktop\OTL.exe
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\rsit
2014-07-25 20:28 - 2014-07-25 20:28 - 00000000 ____D () C:\Program Files\trend micro
2014-07-24 18:55 - 2014-07-24 21:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-24 18:55 - 2014-07-24 18:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-24 18:54 - 2014-07-24 18:54 - 00002189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00002177 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-24 18:54 - 2014-07-24 18:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-24 18:54 - 2009-01-25 12:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
Task: {3FE9120F-DE1F-4D34-96CA-86BB353065D7} - \GoforFilesUpdate No Task File <==== ATTENTION
Hosts:
Reboot:
End
- Save the created TXT file as fixlist.txt
- Move the created fixlist next to FRST

- Click Fix
- The fix will run and create the log Fixlog.txt
